ZAP Scanning Report

Sites: http://demo.guru99.com https://demo.guru99.com http://public-firing-range.appspot.com https://public-firing-range.appspot.com https://optimizationguide-pa.googleapis.com http://localhost:8090

Generated on Sun, 21 Jul 2024 10:40:21

ZAP Version: 2.15.0

Summary of Alerts

Risk Level Number of Alerts
High 2
Medium 8
Low 15
Informational 9
False Positives: 0

Alerts

Name Risk Level Number of Instances
Open Redirect High 1
PII Disclosure High 3
Absence of Anti-CSRF Tokens Medium 123
CSP: Wildcard Directive Medium 1
CSP: script-src unsafe-eval Medium 1
CSP: style-src unsafe-inline Medium 1
Content Security Policy (CSP) Header Not Set Medium 682
Missing Anti-clickjacking Header Medium 438
Secure Pages Include Mixed Content (Including Scripts) Medium 34
Vulnerable JS Library Medium 26
Application Error Disclosure Low 32
Big Redirect Detected (Potential Sensitive Information Leak) Low 9
CSP: Notices Low 1
Cookie No HttpOnly Flag Low 3
Cookie Without Secure Flag Low 3
Cookie without SameSite Attribute Low 8
Cross-Domain JavaScript Source File Inclusion Low 402
Information Disclosure - Debug Error Messages Low 2
Private IP Disclosure Low 3
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) Low 4
Server Leaks Version Information via "Server" HTTP Response Header Field Low 64
Strict-Transport-Security Header Not Set Low 911
Strict-Transport-Security Missing Max-Age (Non-compliant with Spec) Low 1
Timestamp Disclosure - Unix Low 2
X-Content-Type-Options Header Missing Low 662
Authentication Request Identified Informational 12
Information Disclosure - Sensitive Information in URL Informational 1
Information Disclosure - Suspicious Comments Informational 175
Loosely Scoped Cookie Informational 40
Modern Web Application Informational 327
Re-examine Cache-control Directives Informational 119
Session Management Response Identified Informational 393
User Controllable HTML Element Attribute (Potential XSS) Informational 64
User Controllable JavaScript Event (XSS) Informational 3

Alert Detail

High
Open Redirect
Description
Open redirects are one of the OWASP 2010 Top Ten vulnerabilities. This check looks at user-supplied input in query string parameters and POST data to identify where open redirects might be possible. Open redirects occur when an application allows user-supplied input (e.g. https://nottrusted.com) to control an offsite redirect. This is generally a pretty accurate way to find where 301 or 302 redirects could be exploited by spammers or phishing attacks.

For example an attacker could supply a user with the following link: https://example.com/example.php?url=https://malicious.example.com.
URL https://public-firing-range.appspot.com/urldom/redirect?url=http://example.com
Method GET
Parameter url
Attack
Evidence
Other Info The 301 or 302 response to a request for the following URL appeared to contain user input in the location header: https://public-firing-range.appspot.com/urldom/redirect?url=http://example.com The user input found was: url=http://example.com The context was: http://example.com
Instances 1
Solution
To avoid the open redirect vulnerability, parameters of the application script/program must be validated before sending 302 HTTP code (redirect) to the client browser. Implement safe redirect functionality that only redirects to relative URIs, or to a list of trusted domains.
Reference https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
https://cwe.mitre.org/data/definitions/601.html
CWE Id 601
WASC Id 38
Plugin Id 10028
High
PII Disclosure
Description
The response contains Personally Identifiable Information, such as CC number, SSN and similar sensitive data.
URL https://demo.guru99.com/payment-gateway/cardnumber.php
Method GET
Parameter
Attack
Evidence 4006840058034385
Other Info Credit Card Type detected: Visa Bank Identification Number: 400684 Brand: VISA Category: CLASSIC Issuer: ING BANK, A.S.
URL https://demo.guru99.com/payment-gateway/cardnumber.php
Method GET
Parameter
Attack
Evidence 4600952493734873
Other Info Credit Card Type detected: Visa Bank Identification Number: 460095 Brand: VISA Category: Issuer: VICTORIABANK
URL https://demo.guru99.com/payment-gateway/cardnumber.php
Method GET
Parameter
Attack
Evidence 4657307961433106
Other Info Credit Card Type detected: Visa Bank Identification Number: 465730 Brand: VISA Category: Issuer:
Instances 3
Solution
Check the response for the potential presence of personally identifiable information (PII), ensure nothing sensitive is leaked by the application.
Reference
CWE Id 359
WASC Id 13
Plugin Id 10062
Medium
Absence of Anti-CSRF Tokens
Description
No Anti-CSRF tokens were found in an HTML submission form.

A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

CSRF attacks are effective in a number of situations, including:

* The victim has an active session on the target site.

* The victim is authenticated via HTTP auth on the target site.

* The victim is on the same local network as the target site.

CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
URL http://localhost:8090/bodgeit/advanced.jsp
Method GET
Parameter
Attack
Evidence <form id="advanced" name="advanced" method="POST" onsubmit="return validateForm(this);false;">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "desc" "price" "product" "type" ].
URL http://localhost:8090/bodgeit/advanced.jsp
Method GET
Parameter
Attack
Evidence <form id="query" name="advanced" method="POST">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "q" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "update" ].
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence <form method="POST">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "password" "submit" "username" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=1
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=10
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=11
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=12
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=13
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=14
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=15
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=16
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=17
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=18
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=19
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=2
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=20
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=21
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=22
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=23
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=24
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=25
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=26
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=27
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=28
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=29
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=3
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=30
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=31
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=32
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=4
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=5
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=6
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=7
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=8
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/product.jsp?prodid=9
Method GET
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ].
URL http://localhost:8090/bodgeit/register.jsp
Method GET
Parameter
Attack
Evidence <form method="POST">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "password1" "password2" "submit" "username" ].
URL http://localhost:8090/bodgeit/search.jsp
Method GET
Parameter
Attack
Evidence <FORM name='query' method='GET'>
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "q" ].
URL https://demo.guru99.com/
Method GET
Parameter
Attack
Evidence <form NAME="frmLogin" METHOD="POST" ACTION="index.php" onsubmit="return validateEmail();">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "emailid" ].
URL https://demo.guru99.com/Agile_Project/Agi_V1/
Method GET
Parameter
Attack
Evidence <form NAME="frmLogin" METHOD="POST" ACTION="index.php">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "btnReset" "password" "uid" ].
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method GET
Parameter
Attack
Evidence <form NAME="frmLogin" METHOD="POST" ACTION="index.php">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "btnReset" "password" "uid" ].
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter
Attack
Evidence <form action="logout.php" class="button_to" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "" ].
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter
Attack
Evidence <form accept-charset="UTF-8" action="new_quotation.php" class="new_quotation" enctype="multipart/form-data" id="new_quotation" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "new_quote" "quotation[user_id]" "quotation_incidents" "quotation_vehicle_attributes_mileage" "quotation_vehicle_attributes_registration" "quotation_vehicle_attributes_value" "quotation_windscreenrepair_f" "quotation_windscreenrepair_t" "resetquote" "submit" "utf8" ].
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter
Attack
Evidence <form action="retrieve_quotation.php" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "getquote" "id" ].
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter
Attack
Evidence <form accept-charset="UTF-8" action="" class="edit_user" enctype="multipart/form-data" id="edit_user_" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "_method" "commit" "user_address_attributes_city" "user_address_attributes_county" "user_address_attributes_id" "user_address_attributes_postcode" "user_address_attributes_street" "user_firstname" "user_licencetype_f" "user_licencetype_t" "user_phone" "user_surname" "utf8" ].
URL https://demo.guru99.com/insurance/v1/index.php
Method GET
Parameter
Attack
Evidence <form accept-charset="UTF-8" action="" method="post" id="login-form">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "email" "password" "submit" ].
URL https://demo.guru99.com/insurance/v1/register.php
Method GET
Parameter
Attack
Evidence <form accept-charset="UTF-8" action="" class="new_user" enctype="multipart/form-data" id="new_user" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "licencetype_f" "licencetype_t" "new_user" "resetform" "submit" "user_address_attributes_city" "user_address_attributes_county" "user_address_attributes_postcode" "user_address_attributes_street" "user_firstname" "user_phone" "user_surname" "user_user_detail_attributes_email" "user_user_detail_attributes_password" "user_user_detail_attributes_password_confirmation" "utf8" ].
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method GET
Parameter
Attack
Evidence <form method="post" action="check_credit_balance.php" name="fb2" onSubmit="return validate();">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "card_nmuber" "submit" ].
URL https://demo.guru99.com/payment-gateway/index.php
Method GET
Parameter
Attack
Evidence <form action="process_purchasetoy.php" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "" ].
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method GET
Parameter
Attack
Evidence <form name="fbal" method="post" action="process_card.php" onSubmit="return validate();">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "card_nmuber" "cvv_code" "prices" "submit" ].
URL https://demo.guru99.com/payment-gateway/purchasetoy.php
Method GET
Parameter
Attack
Evidence <form action="process_purchasetoy.php" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "" ].
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method GET
Parameter
Attack
Evidence <form NAME="frmLogin" METHOD="POST" ACTION="index.php">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "btnReset" "password" "uid" ].
URL https://demo.guru99.com/selenium/facebook.html
Method GET
Parameter
Attack
Evidence <form id="login_form" action="https://web.archive.org/web/20130925210322/https://www.facebook.com/login.php?login_attempt=1" method="post" onsubmit="return window.Event &amp;&amp; Event.__inlineSubmit &amp;&amp; Event.__inlineSubmit(this,event)">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "default_persistent" "email" "lgnjs" "lgnrnd" "locale" "lsd" "pass" "persist_box" "u_0_a" "u_0_b" ].
URL https://demo.guru99.com/telecom/addcustomer.php
Method GET
Parameter
Attack
Evidence <form method="post" action="insertcustomer.php" onSubmit="return validatenewCust();">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "done" "email" "fname" "lname" "pending" "submit" "telephoneno" ].
URL https://demo.guru99.com/telecom/addtariffplans.php
Method GET
Parameter
Attack
Evidence <form method="post" action="addtariffplans.php" onSubmit="return validatenewCust();">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "inter_charges" "inter_minutes" "local_minutes" "minutes_charges" "rental1" "sms_charges" "sms_pack" "submit" ].
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method GET
Parameter
Attack
Evidence <form method="post" action="assigntariffplantocustomer.php" onSubmit="return validatenewCust15();" >
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "customer_id" "submit" ].
URL https://demo.guru99.com/telecom/billing.php
Method GET
Parameter
Attack
Evidence <form method="post" action="billing.php" onSubmit="return validatenewCust15();" >
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "customer_id" "submit" ].
URL https://demo.guru99.com/test/
Method GET
Parameter
Attack
Evidence <form action="birthdate.php" method="post" name="bdate" style="margin-left:50px;">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "bdaytime" ].
URL https://demo.guru99.com/test/ajax.html
Method GET
Parameter
Attack
Evidence <form>
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "buttoncheck" "no" "yes" ].
URL https://demo.guru99.com/test/ajax.html?name=ZAP
Method GET
Parameter
Attack
Evidence <form>
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "buttoncheck" "no" "yes" ].
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter
Attack
Evidence <form class="jotform-form" action="https://submit.jotform.me/submit/71343664435457/" method="post" enctype="multipart/form-data" name="form_71343664435457" id="71343664435457" accept-charset="utf-8">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "formID" "input_3" "input_4" "input_5" "input_7" "input_7_0" "input_7_1" "input_7_2" "input_8" "other_7" "simple_spc" "website" ].
URL https://demo.guru99.com/test/cookie/selenium_aut.php
Method GET
Parameter
Attack
Evidence <form class="form-signin" action="selenium_cookie.php" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "password" "username" ].
URL https://demo.guru99.com/test/delete_customer.php
Method GET
Parameter
Attack
Evidence <form onsubmit="return confirm('Do you really want to delete this Customer?');" action="delete_customer.php" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cusid" "res" "submit" ].
URL https://demo.guru99.com/test/facebook.html
Method GET
Parameter
Attack
Evidence <form id="login_form" action="https://web.archive.org/web/20130925210322/https://www.facebook.com/login.php?login_attempt=1" method="post" onsubmit="return window.Event &amp;&amp; Event.__inlineSubmit &amp;&amp; Event.__inlineSubmit(this,event)">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "default_persistent" "email" "lgnjs" "lgnrnd" "locale" "lsd" "pass" "persist_box" "u_0_a" "u_0_b" ].
URL https://demo.guru99.com/test/flash-testing.html
Method GET
Parameter
Attack
Evidence <form name="controller" method="POST">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "Play" "Stop" "Zoomin" "Zoomout" ].
URL https://demo.guru99.com/test/guru99home/
Method GET
Parameter
Attack
Evidence <form action="#" name="frm1" id="form" onsubmit="greeting()">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "philadelphia-field-email" ].
URL https://demo.guru99.com/test/image_upload/
Method GET
Parameter
Attack
Evidence <form id="imageform" method="post" enctype="multipart/form-data" action='ajaximage.php'>
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "photoimg" ].
URL https://demo.guru99.com/test/login.html
Method GET
Parameter
Attack
Evidence <form action="success.html" method="post" id="login_form" class="box">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "back" "email" "passwd" ].
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter
Attack
Evidence <form method="post" action="index.php" name="home" >
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "action" "password" "submit" "userName" ].
URL https://demo.guru99.com/test/newtours/index.php
Method GET
Parameter
Attack
Evidence <form method="post" action="index.php" name="home" >
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "action" "password" "submit" "userName" ].
URL https://demo.guru99.com/test/newtours/login.php
Method GET
Parameter
Attack
Evidence <form method="post" action="login.php" name="register">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "action" "password" "submit" "userName" ].
URL https://demo.guru99.com/test/newtours/register.php
Method GET
Parameter
Attack
Evidence <form method="post" action="register.php" >
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "address1" "city" "confirmPassword" "email" "firstName" "lastName" "mercury" "password" "phone" "postalCode" "state" "submit" "userName" ].
URL https://demo.guru99.com/test/newtours/reservation.php
Method GET
Parameter
Attack
Evidence <form method="post" action="reservation2.php" name="findflight">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "findFlights" "servClass" "tripType" ].
URL https://demo.guru99.com/test/upload/
Method GET
Parameter
Attack
Evidence <form name="uploadform" onsubmit="return postIt();" action="/web/20141011154238/http://212.7.194.85/cgi-bin/upload.cgi?sid=225b7867d510426ed86e1dcd57df2c69&amp;maxfilesize=206000000" method="post" target="uploadframe" enctype="multipart/form-data">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "AccessKey" "file_password_0" "flash_descr" "flash_password" "maxfilesize" "phpuploadscript" "returnurl" "sessionid" "uploadfile_0" "UploadSession" ].
URL https://demo.guru99.com/test/upload/
Method GET
Parameter
Attack
Evidence <form name="emailform" action="emaillinks.php" method="post" target="emailframe">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "AccessKey" "terms" "uploadmode" "UploadSession" ].
URL https://demo.guru99.com/V1/index.php
Method GET
Parameter
Attack
Evidence <form NAME="frmLogin" METHOD="POST" ACTION="index.php">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "btnReset" "password" "uid" ].
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0
Method GET
Parameter
Attack
Evidence <form action="" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "q" ].
URL https://public-firing-range.appspot.com/reflected/parameter/form
Method GET
Parameter
Attack
Evidence <form method="POST">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "q" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_1" "quantity_14" "quantity_15" "quantity_2" "quantity_23" "quantity_24" "quantity_26" "quantity_4" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_10" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_11" "quantity_12" "quantity_16" "quantity_21" "quantity_25" "quantity_29" "quantity_30" "quantity_32" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_11" "quantity_16" "quantity_21" "quantity_25" "quantity_29" "quantity_30" "quantity_32" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_11" "quantity_16" "quantity_21" "quantity_25" "quantity_30" "quantity_32" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_13" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_14" "quantity_15" "quantity_2" "quantity_23" "quantity_24" "quantity_26" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_15" "quantity_24" "quantity_26" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_16" "quantity_21" "quantity_25" "quantity_30" "quantity_32" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_16" "quantity_21" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_17" "quantity_31" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_17" "quantity_8" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_18" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_19" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_20" "quantity_22" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_20" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_21" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_24" "quantity_26" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_27" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_28" "quantity_3" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_5" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_6" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_7" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_9" "update" ].
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <form action="basket.jsp" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "update" ].
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter
Attack
Evidence <form method="POST">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "password" "submit" "username" ].
URL http://localhost:8090/bodgeit/register.jsp
Method POST
Parameter
Attack
Evidence <form method="POST">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "password1" "password2" "submit" "username" ].
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method POST
Parameter
Attack
Evidence <form NAME="frmLogin" METHOD="POST" ACTION="index.php">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "btnReset" "password" "uid" ].
URL https://demo.guru99.com/index.php
Method POST
Parameter
Attack
Evidence <form NAME="frmLogin" METHOD="POST" ACTION="index.php" onsubmit="return validateEmail();">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "emailid" ].
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter
Attack
Evidence <form action="logout.php" class="button_to" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "" ].
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter
Attack
Evidence <form accept-charset="UTF-8" action="new_quotation.php" class="new_quotation" enctype="multipart/form-data" id="new_quotation" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "new_quote" "quotation[user_id]" "quotation_incidents" "quotation_vehicle_attributes_mileage" "quotation_vehicle_attributes_registration" "quotation_vehicle_attributes_value" "quotation_windscreenrepair_f" "quotation_windscreenrepair_t" "resetquote" "submit" "utf8" ].
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter
Attack
Evidence <form action="retrieve_quotation.php" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "getquote" "id" ].
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter
Attack
Evidence <form accept-charset="UTF-8" action="" class="edit_user" enctype="multipart/form-data" id="edit_user_" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "_method" "commit" "user_address_attributes_city" "user_address_attributes_county" "user_address_attributes_id" "user_address_attributes_postcode" "user_address_attributes_street" "user_firstname" "user_licencetype_f" "user_licencetype_t" "user_phone" "user_surname" "utf8" ].
URL https://demo.guru99.com/insurance/v1/index.php
Method POST
Parameter
Attack
Evidence <form accept-charset="UTF-8" action="" method="post" id="login-form">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "email" "password" "submit" ].
URL https://demo.guru99.com/insurance/v1/register.php
Method POST
Parameter
Attack
Evidence <form accept-charset="UTF-8" action="" class="new_user" enctype="multipart/form-data" id="new_user" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "licencetype_f" "licencetype_t" "new_user" "resetform" "submit" "user_address_attributes_city" "user_address_attributes_county" "user_address_attributes_postcode" "user_address_attributes_street" "user_firstname" "user_phone" "user_surname" "user_user_detail_attributes_email" "user_user_detail_attributes_password" "user_user_detail_attributes_password_confirmation" "utf8" ].
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method POST
Parameter
Attack
Evidence <form name="fbal" method="post" action="process_card.php" onSubmit="return validate();">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "card_nmuber" "cvv_code" "prices" "submit" ].
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method POST
Parameter
Attack
Evidence <form NAME="frmLogin" METHOD="POST" ACTION="index.php">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "btnReset" "password" "uid" ].
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter
Attack
Evidence <form onsubmit="return confirm('Do you really want to delete this Customer?');" action="delete_customer.php" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cusid" "res" "submit" ].
URL https://demo.guru99.com/test/flash-testing.html
Method POST
Parameter
Attack
Evidence <form name="controller" method="POST">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "Play" "Stop" "Zoomin" "Zoomout" ].
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter
Attack
Evidence <form method="post" action="index.php" name="home" >
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "action" "password" "submit" "userName" ].
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter
Attack
Evidence <form method="post" action="login.php" name="register">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "action" "password" "submit" "userName" ].
URL https://demo.guru99.com/test/newtours/register.php
Method POST
Parameter
Attack
Evidence <form method="post" action="register.php" >
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "address1" "city" "confirmPassword" "email" "firstName" "lastName" "mercury" "password" "phone" "postalCode" "state" "submit" "userName" ].
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter
Attack
Evidence <form NAME="frmLogin" METHOD="POST" ACTION="index.php">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "btnReset" "password" "uid" ].
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0
Method POST
Parameter
Attack
Evidence <form action="" method="post">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "q" ].
URL https://public-firing-range.appspot.com/reflected/parameter/form
Method POST
Parameter
Attack
Evidence <form method="POST">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "q" ].
Instances 123
Solution
Phase: Architecture and Design

Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

For example, use anti-CSRF packages such as the OWASP CSRFGuard.

Phase: Implementation

Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

Phase: Architecture and Design

Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

Note that this can be bypassed using XSS.

Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

Note that this can be bypassed using XSS.

Use the ESAPI Session Management control.

This control includes a component for CSRF.

Do not use the GET method for any request that triggers a state change.

Phase: Implementation

Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
Reference https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
https://cwe.mitre.org/data/definitions/352.html
CWE Id 352
WASC Id 9
Plugin Id 10202
Medium
CSP: Wildcard Directive
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including (but not limited to) Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page. Covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL https://public-firing-range.appspot.com/clickjacking/clickjacking_csp_no_frame_ancestors
Method GET
Parameter Content-Security-Policy
Attack
Evidence object-src 'none'; script-src 'strict-dynamic' 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' https: http:; base-uri 'none'; https://www.google.com; report-uri https://csp.withgoogle.com/csp/inquisition/inquisitor
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action. The directive(s) frame-ancestors and form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything.
Instances 1
Solution
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy
https://content-security-policy.com/
https://github.com/HtmlUnit/htmlunit-csp
https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id 693
WASC Id 15
Plugin Id 10055
Medium
CSP: script-src unsafe-eval
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including (but not limited to) Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page. Covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL https://public-firing-range.appspot.com/clickjacking/clickjacking_csp_no_frame_ancestors
Method GET
Parameter Content-Security-Policy
Attack
Evidence object-src 'none'; script-src 'strict-dynamic' 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' https: http:; base-uri 'none'; https://www.google.com; report-uri https://csp.withgoogle.com/csp/inquisition/inquisitor
Other Info script-src includes unsafe-eval.
Instances 1
Solution
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy
https://content-security-policy.com/
https://github.com/HtmlUnit/htmlunit-csp
https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id 693
WASC Id 15
Plugin Id 10055
Medium
CSP: style-src unsafe-inline
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including (but not limited to) Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page. Covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL https://public-firing-range.appspot.com/clickjacking/clickjacking_csp_no_frame_ancestors
Method GET
Parameter Content-Security-Policy
Attack
Evidence object-src 'none'; script-src 'strict-dynamic' 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' https: http:; base-uri 'none'; https://www.google.com; report-uri https://csp.withgoogle.com/csp/inquisition/inquisitor
Other Info style-src includes unsafe-inline.
Instances 1
Solution
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy
https://content-security-policy.com/
https://github.com/HtmlUnit/htmlunit-csp
https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id 693
WASC Id 15
Plugin Id 10055
Medium
Content Security Policy (CSP) Header Not Set
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL http://localhost:8090/bodgeit/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/about.jsp
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/admin.jsp
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/advanced.jsp
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/basket.jsp
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/contact.jsp
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/home.jsp
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=1
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=10
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=11
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=12
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=13
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=14
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=15
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=16
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=17
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=18
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=19
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=2
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=20
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=21
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=22
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=23
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=24
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=25
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=26
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=27
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=28
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=29
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=3
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=30
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=31
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=32
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=4
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=5
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=6
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=7
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=8
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=9
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=1
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=2
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=3
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=4
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=5
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=6
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=7
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/register.jsp
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/score.jsp
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/search.jsp
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/search.jsp?q=ZAP
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/abap-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/accounting.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/agile-testing-course.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/customer/scripts/commonstyle.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/images/1.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/images/2.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/images/3.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/scripts/basic_functions.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/scripts/validate_login.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/angularjs-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/apache-nifi-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/apache.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/artificial-intelligence-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/asp-net-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/aws-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/best-hard-disks.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/bigdata-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/blockchain-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/blog/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/bugzilla-tutorial-for-beginners.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/business-analyst-tutorial-course.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/c-programming-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/c-sharp-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/c-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/cassandra-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/classes/calendar
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/cloud-computing-for-beginners.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/co-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/codeigniter-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/compiler-design-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/cpp-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/crystal-reports-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/css/bd.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/cucumber-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/data-science-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/data-testing.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/data-warehousing-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/dbms-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/devops-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/ethical-hacking-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/excel-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/free-digital-marketing-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/free-sap-sd-training-course.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/google-go-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/hbase-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/hive-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/hp-alm-free-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/images/logo/favicon.ico
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/images/logo/favicon1.ico
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/images/spacer.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/img/favicon.ico?1461205423
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/informatica-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/index.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/register.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/interactive-javascript-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/introduction-ccna.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/java-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/jenkins-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/jira-tutorial-a-complete-guide-for-beginners.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/jmeter-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/jsp-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/junit-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/keras-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/learn-sap-testing-create-your-first-sap-test-case.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-agile-testing-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-ecommerce-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-insurance-testing-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-interactive-exercise-hp-alm.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-java-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-mobile-testing-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-payment-gateway-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-penetration-testing-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-php-project-learn-complete-web-development-cycle.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-projects.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-selenium-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-telecom-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-testing-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-uft-testing.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/loadrunner-v12-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/mantis-bug-tracker-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/mariadb-tutorial-install.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/assets/js/html5shiv-printshiv.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/assets/js/html5shiv-printshiv.min.js?59966af6
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/assets/js/main.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/assets/js/main.js?59966af6
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/assets/js/matchmedia.polyfill.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/assets/js/matchmedia.polyfill.js?59966af6
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/engines/nucleus/css/nucleus-ie9.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/engines/nucleus/css/nucleus-ie9.css?59966afb
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/mis-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/mobile-testing.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/mongodb-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/ms-access-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/ms-sql-server-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/mysql-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/nltk-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/node-js-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/numpy-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/operating-system-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/overview-of-sap-apo.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/overview-of-sap-security.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/overview-of-sap-solution-manager.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/cardnumber.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/index.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/purchasetoy.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/perl-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/photoshop-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/php-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/pl-sql-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/pmp-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/postgresql-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/postman-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/practitest-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/project-management-methodology.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/python-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/pytorch-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/qtest-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/quick-test-professional-qtp-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/r-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/release-notes
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/robotic-process-automation-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/ruby-on-rails-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-basis-training-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-bi.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-bods-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-bpc.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-crm-training.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-fico-training-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-hana-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-hcm.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-mm-training-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-payroll.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-pi-process-integration-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-pp-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-quality-management-qm-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-training-hub.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sapui5-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/scripts/basic_functions.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/scripts/commonstyle.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/scripts/validate_login.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/images/1.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/images/2.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/images/3.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/scripts/basic_functions.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/scripts/validate_login.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/customer/scripts/commonstyle.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/selenium-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/selenium/facebook.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-1.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-2.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-3.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-4.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-5.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-6.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/test-coverage-in-software-testing.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sitemap.xml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/soapui-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/software-engineering-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/software-testing.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sql.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sqlite-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/tableau-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/talend-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=063675
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=069466
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=936997
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/addcustomer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/tensorflow-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test-management.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/ajax.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/ajax.html?name=ZAP
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/block.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/cookie/selenium_aut.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/drag_drop.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/facebook.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/false
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/ads.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/play.google.com/store/apps/details?hl=en&id=com.vector.guru99
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/scrolling.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/high
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/image_upload/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/link.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/login.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/black
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/fromDay
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/fromMonth
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/spacer.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/index.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/reservation.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/Select%20Arrivale%20Date
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/Select%20Departure%20Date
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/support.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/toDay
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/toMonth
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/radio.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/scrolling.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/table.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/tooltip.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/upload/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/upload/register.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/upload/rules.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/yahoo.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/testlink-tutorial-complete-guide.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/tools/tooltip/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/uml-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/unix-linux-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/utlimate-guide-etl-datawarehouse-testing.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/index.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/vb-net-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/vba-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/vbscript-tutorials-for-beginners.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web-services-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/bootstrap.min.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/custom.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/home-bar.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/main.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/slider-cars.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20141011154238im_/http:/www.megafileupload.com/skin/custom/images/add.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20141011154238im_/http:/www.megafileupload.com/skin/custom/images/delete.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/what-is-sap.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/wpf-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/zephyr-agile-jira.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/zephyr-enterprise.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/zookeeper-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/*
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/baseURI/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/documentURI/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/assign
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/documentwriteln
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/formaction
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/function
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/inlineevent
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/jshref
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/onclickAddEventListener
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/onclickSetAttribute
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/rangeCreateContextualFragment
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/replace
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/setTimeout
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/assign
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/documentwriteln
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/rangeCreateContextualFragment
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/replace
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/setTimeout
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/locationhref/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/locationpathname/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/locationsearch/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/URL/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/URLUnencoded/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.1.5?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.18?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.19?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.24?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.6.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_alt_symbols/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_alt_symbols_raw/1.6.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_ng/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_escaped/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_escaped_alt_symbols/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_cookie_parse/1.6.0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_form_parse/1.6.0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_post_message_parse/1.6.0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_storage_parse/1.6.0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/badscriptimport
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/badscriptimport/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/clickjacking
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/clickjacking/clickjacking_xfo_allowall
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/clickjacking/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowInsecureScheme
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowNullOrigin
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginEndsWith
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginProtocolDowngrade
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginRegexDot
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginStartsWith
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/dynamicAllowOrigin
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/div
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/dompropagation
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/dompropagation/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/javascripturi.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/array/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/property/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/array/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/property/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/complexMessageDocumentWriteEval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithPartialStringComparison
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithRegExp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/js/encodeURIComponent?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/js/escape?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/js/html_escape?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_name?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_quoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_script?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_singlequoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_unquoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/body?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/body_comment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_import?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style_font_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/head?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_assignment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_comment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_eval?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_quoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_singlequoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_slashquoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/tagname?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/textarea?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_name?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_quoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_script?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_singlequoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_unquoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/body?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/body_comment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_import?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style_font_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style_value?escape=HTML_ESCAPE&q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/head?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_assignment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_comment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_eval?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_quoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_singlequoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_slashquoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/tagname?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/textarea?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/flashinjection
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/flashinjection/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity_dynamically_added.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/jsonp?callback=%25q
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/jsonp?callback=callbackFunc&other=%25q
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/leakedcookie
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/leakedcookie
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/leakedinresource
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/mixedcontent
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/mixedcontent/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/pression
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/redirect
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/redirect/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/redirect/meta?q=/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/contentsniffing
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_quoted
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_quoted/DOUBLE_QUOTED_ATTRIBUTE?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_singlequoted
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_singlequoted/SINGLE_QUOTED_ATTRIBUTE?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_unquoted
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_unquoted/UNQUOTED_ATTRIBUTE?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets/attribute_unquoted
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets/attribute_unquoted/DoubleQuoteSinglequote?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets/body
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets/body/SpaceDoubleQuoteSlashEquals?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseInsensitive
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseInsensitive/script?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseSensitive
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseSensitive/script?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_name?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_quoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_script?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_singlequoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_unquoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body/400?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body/401?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body/403?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body/404?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body/500?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body_comment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/css_style?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/css_style_font_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/css_style_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/form
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/head?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/iframe_attribute_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/iframe_srcdoc?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_assignment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_comment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_eval?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_quoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_singlequoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_slashquoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/json?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/noscript?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/style_attribute_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/tagname?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/textarea?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/textarea_attribute_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/title?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/css_import?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/href?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/object_data?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/object_param?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/script_src?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/object_hash.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/object/application_x-shockwave-flash?q=https://google.com
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/object_raw?q=https://google.com
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=https://google.com
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/script_hash.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO/?q=foo
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithXFO/?q=foo
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO/?q=%26callback%3Dfoo%23
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithXFO/?q=%26callback%3Dfoo%23
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback/?q=urc_button.click
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter/?q=%26callback%3Durc_button.click%23
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/robots.txt
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/script
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/sitemap.xml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_includesubdomains_missing
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_max_age_missing
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_max_age_too_low
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_missing
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_preload_missing
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/multiline?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/a.href
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/base.href
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/document.location
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/embed.src
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/fetch
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/form.action
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/iframe.src
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/input.formaction
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/link.href
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/object.data
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/param.code.value
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/param.movie.value
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/param.src.value
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/param.url.value
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.href
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_domain
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_path
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_query
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/window.open
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/xhr.open
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/area.href?//example.org
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/button.formaction?//example.org
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/frame.src?//example.org
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/location.assign?//example.org
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/svg.a?//example.org
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries/jquery.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries/x
Method GET
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/advanced.jsp
Method POST
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/contact.jsp
Method POST
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/register.jsp
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/new_quotation.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/retrieve_quotation.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/cookie/selenium_cookie.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/image_upload/ajaximage.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/success.html
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/upload/emaillinks.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20141011154238/http:/212.7.194.85/cgi-bin/upload.cgi?maxfilesize=206000000
Method POST
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0
Method POST
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/form
Method POST
Parameter
Attack
Evidence
Other Info
Instances 682
Solution
Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
Reference https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
https://www.w3.org/TR/CSP/
https://w3c.github.io/webappsec-csp/
https://web.dev/articles/csp
https://caniuse.com/#feat=contentsecuritypolicy
https://content-security-policy.com/
CWE Id 693
WASC Id 15
Plugin Id 10038
Medium
Missing Anti-clickjacking Header
Description
The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.
URL http://localhost:8090/bodgeit/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/about.jsp
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/admin.jsp
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/advanced.jsp
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/basket.jsp
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/contact.jsp
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/home.jsp
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=10
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=11
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=12
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=13
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=14
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=15
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=16
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=17
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=18
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=19
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=2
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=20
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=21
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=22
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=23
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=24
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=25
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=26
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=27
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=28
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=29
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=3
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=30
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=31
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=32
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=4
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=5
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=6
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=7
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=8
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=9
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=2
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=3
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=4
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=5
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=6
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=7
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/register.jsp
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/score.jsp
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/search.jsp
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/search.jsp?q=ZAP
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/index.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/register.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/cardnumber.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/index.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/purchasetoy.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/selenium/facebook.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-1.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-2.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-3.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-4.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-5.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-6.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=063675
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=069466
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=936997
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/addcustomer.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/ajax.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/ajax.html?name=ZAP
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/block.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/cookie/selenium_aut.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/drag_drop.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/facebook.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/ads.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/scrolling.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/image_upload/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/link.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/login.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/index.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/login.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/reservation.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/support.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/radio.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/table.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/tooltip.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/upload/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/yahoo.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/index.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/baseURI/documentwrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/documentURI/documentwrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/assign
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/documentwrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/documentwriteln
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/formaction
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/function
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/inlineevent
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/innerHtml
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/jshref
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/onclickAddEventListener
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/onclickSetAttribute
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/rangeCreateContextualFragment
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/replace
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/setTimeout
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/assign
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/documentwrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/documentwriteln
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/innerHtml
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/rangeCreateContextualFragment
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/replace
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/setTimeout
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/locationhref/documentwrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/locationpathname/documentwrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/locationsearch/documentwrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/URL/documentwrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/URLUnencoded/documentwrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.1.5?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.0?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.18?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.19?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.24?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.4.0?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.6.0?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_alt_symbols/1.4.0?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_alt_symbols_raw/1.6.0?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_ng/1.4.0?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng/1.4.0?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw/1.4.0?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw/1.4.0?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_escaped/1.4.0?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_escaped_alt_symbols/1.4.0?q=test
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_cookie_parse/1.6.0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_form_parse/1.6.0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_post_message_parse/1.6.0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_storage_parse/1.6.0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/badscriptimport
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/badscriptimport/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/clickjacking
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/clickjacking/clickjacking_csp_no_frame_ancestors
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/clickjacking/clickjacking_xfo_allowall
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/clickjacking/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowInsecureScheme
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowNullOrigin
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginEndsWith
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginProtocolDowngrade
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginRegexDot
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginStartsWith
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/dynamicAllowOrigin
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/dompropagation
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/dompropagation/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/documentWrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/innerHtml
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/documentWrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/innerHtml
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/javascripturi.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/documentWrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/innerHtml
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/documentWrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/innerHtml
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/array/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/documentWrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/innerHtml
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/property/documentWrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/array/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/documentWrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/innerHtml
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/property/documentWrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/documentWrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/innerHtml
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property/documentWrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/complexMessageDocumentWriteEval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/documentWrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithPartialStringComparison
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithRegExp
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/innerHtml
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/documentWrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/innerHtml
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property/documentWrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/documentWrite
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/eval
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/innerHtml
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/js/encodeURIComponent?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/js/escape?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/js/html_escape?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_name?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_quoted?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_script?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_singlequoted?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_unquoted?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/body?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/body_comment?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_import?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style_font_value?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style_value?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/head?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_assignment?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_comment?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_eval?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_quoted_string?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_singlequoted_string?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_slashquoted_string?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/tagname?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/textarea?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_name?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_quoted?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_script?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_singlequoted?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_unquoted?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/body?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/body_comment?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_import?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style_font_value?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style_value?escape=HTML_ESCAPE&q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/head?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_assignment?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_comment?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_eval?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_quoted_string?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_singlequoted_string?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_slashquoted_string?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/tagname?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/textarea?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/flashinjection
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/flashinjection/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity_dynamically_added.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/leakedcookie
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/leakedcookie
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/leakedinresource
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/mixedcontent
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/mixedcontent/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/redirect
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/redirect/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/redirect/meta?q=/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_quoted/DOUBLE_QUOTED_ATTRIBUTE?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_singlequoted/SINGLE_QUOTED_ATTRIBUTE?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_unquoted/UNQUOTED_ATTRIBUTE?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets/attribute_unquoted/DoubleQuoteSinglequote?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets/body/SpaceDoubleQuoteSlashEquals?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseInsensitive/script?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseSensitive/script?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_name?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_quoted?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_script?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_singlequoted?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_unquoted?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body_comment?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/css_style?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/css_style_font_value?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/css_style_value?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/form
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/head?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/iframe_attribute_value?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/iframe_srcdoc?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_assignment?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_comment?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_eval?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_quoted_string?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_singlequoted_string?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_slashquoted_string?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/json?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/noscript?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/style_attribute_value?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/tagname?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/textarea?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/textarea_attribute_value?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/title?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/css_import?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/href?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/object_data?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/object_param?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/script_src?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/object_hash.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/object/application_x-shockwave-flash?q=https://google.com
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/object_raw?q=https://google.com
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=https://google.com
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/script_hash.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO/?q=foo
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO/?q=%26callback%3Dfoo%23
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback/?q=urc_button.click
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter/?q=%26callback%3Durc_button.click%23
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_includesubdomains_missing
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_max_age_missing
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_max_age_too_low
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_missing
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_preload_missing
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/multiline?q=a
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/a.href
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/base.href
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/document.location
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/embed.src
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/fetch
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/form.action
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/iframe.src
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/input.formaction
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/link.href
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/object.data
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/param.code.value
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/param.movie.value
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/param.src.value
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/param.url.value
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.href
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_domain
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_path
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_query
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/window.open
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/xhr.open
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/area.href?//example.org
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/button.formaction?//example.org
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/frame.src?//example.org
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/location.assign?//example.org
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/svg.a?//example.org
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries/index.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries/jquery.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/contact.jsp
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://localhost:8090/bodgeit/register.jsp
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/new_quotation.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/retrieve_quotation.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/cookie/selenium_cookie.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/image_upload/ajaximage.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/success.html
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/form
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
Instances 438
Solution
Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.

If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
CWE Id 1021
WASC Id 15
Plugin Id 10020
Medium
Secure Pages Include Mixed Content (Including Scripts)
Description
The page includes mixed content, that is content accessed via HTTP instead of HTTPS.
URL https://demo.guru99.com/seo/page-1.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/seo/page-2.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/seo/page-3.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/seo/page-4.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/seo/page-5.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/seo/page-6.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/telecom/index.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/ajax.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/ajax.html?name=ZAP
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/block.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/drag_drop.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/facebook.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/flash-testing.html
Method GET
Parameter
Attack
Evidence http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0
Other Info tag=object codebase=http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0 tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/guru99home/
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/guru99home/scrolling.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/link.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/login.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/radio.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/table.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/tooltip.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/upload/
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/adsfooter.js
Other Info tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/yahoo.html
Method GET
Parameter
Attack
Evidence http://demo.guru99.com/test/js/bootstrap.min.js
Other Info tag=script src=http://demo.guru99.com/test/js/bootstrap.min.js tag=script src=http://demo.guru99.com/test/js/treemenu.js tag=script src=http://demo.guru99.com/test/js/slider-cars.js tag=script src=http://demo.guru99.com/test/js/home-bar.js tag=script src=http://demo.guru99.com/test/js/jquery.js tag=script src=http://demo.guru99.com/adsfooter.js
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_script?q=a
Method GET
Parameter
Attack
Evidence http://irrelevant.google.com?a
Other Info tag=script src=http://irrelevant.google.com?a
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_script?q=a
Method GET
Parameter
Attack
Evidence http://irrelevant.google.com?a
Other Info tag=script src=http://irrelevant.google.com?a
URL https://public-firing-range.appspot.com/mixedcontent
Method GET
Parameter
Attack
Evidence http://public-firing-range.appspot.com/mixedcontent/script.js
Other Info tag=script src=http://public-firing-range.appspot.com/mixedcontent/script.js
URL https://public-firing-range.appspot.com/mixedcontent/index.html
Method GET
Parameter
Attack
Evidence http://public-firing-range.appspot.com/mixedcontent/script.js
Other Info tag=script src=http://public-firing-range.appspot.com/mixedcontent/script.js
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_script?q=a
Method GET
Parameter
Attack
Evidence http://irrelevant.google.com/a
Other Info tag=script src=http://irrelevant.google.com/a
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js
Method GET
Parameter
Attack
Evidence http://127.0.0.2/localhost_import.js
Other Info tag=script src=http://127.0.0.2/localhost_import.js
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js
Method GET
Parameter
Attack
Evidence http://192.168.1.2/private_network_import.js
Other Info tag=script src=http://192.168.1.2/private_network_import.js
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js
Method GET
Parameter
Attack
Evidence http://g00gle.com/typosquatting_domain.js
Other Info tag=script src=http://g00gle.com/typosquatting_domain.js
URL https://demo.guru99.com/test/flash-testing.html
Method POST
Parameter
Attack
Evidence http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0
Other Info tag=object codebase=http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0 tag=script src=http://demo.guru99.com/adsfooter.js
URL https://demo.guru99.com/test/success.html
Method POST
Parameter
Attack
Evidence http://mymail.guru99.com/logo-guru99.png
Other Info tag=img src=http://mymail.guru99.com/logo-guru99.png tag=script src=http://demo.guru99.com/adsfooter.js
Instances 34
Solution
A page that is available over SSL/TLS must consist entirely of content that is transmitted over SSL/TLS.

The page must not contain any content that is transmitted over unencrypted HTTP.

This includes content from third party sites.
Reference https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
CWE Id 311
WASC Id 4
Plugin Id 10040
Medium
Vulnerable JS Library
Description
The identified library bootstrap, version 3.3.7, is vulnerable.
URL https://demo.guru99.com/Agile_Project/js/bootstrap.min.js
Method GET
Parameter
Attack
Evidence * Bootstrap v3.3.7
Other Info CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735
URL https://demo.guru99.com/Agile_Project/js/jquery.js
Method GET
Parameter
Attack
Evidence /*! jQuery v1.11.1
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358
URL https://demo.guru99.com/insurance/v1/javascript/bootstrap.min.js
Method GET
Parameter
Attack
Evidence * Bootstrap v3.3.7
Other Info CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735
URL https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js
Method GET
Parameter
Attack
Evidence jquery-1.10.2.js
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358
URL https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js
Method GET
Parameter
Attack
Evidence /*! jQuery UI - v1.10.2
Other Info CVE-2021-41184 CVE-2021-41183 CVE-2021-41182 CVE-2022-31160
URL https://demo.guru99.com/insurance/v1/javascript/jquery.js
Method GET
Parameter
Attack
Evidence /*! jQuery v1.11.1
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358
URL https://demo.guru99.com/payment-gateway/assets/js/bootstrap.min.js
Method GET
Parameter
Attack
Evidence * Bootstrap v3.3.7
Other Info CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735
URL https://demo.guru99.com/payment-gateway/assets/js/jquery.js
Method GET
Parameter
Attack
Evidence /*! jQuery v1.11.1
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358
URL https://demo.guru99.com/payment-gateway/assets/js/jquery.min.js
Method GET
Parameter
Attack
Evidence /*! jQuery v1.11.3
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/bootstrap.min.js
Method GET
Parameter
Attack
Evidence * Bootstrap v3.3.7
Other Info CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/jquery.js
Method GET
Parameter
Attack
Evidence /*! jQuery v1.11.1
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358
URL https://demo.guru99.com/seo/js/jquery.min.js
Method GET
Parameter
Attack
Evidence /*! jQuery v1.12.4
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358
URL https://demo.guru99.com/telecom/assets/js/bootstrap.min.js
Method GET
Parameter
Attack
Evidence * Bootstrap v3.3.7
Other Info CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735
URL https://demo.guru99.com/telecom/assets/js/jquery.js
Method GET
Parameter
Attack
Evidence /*! jQuery v1.11.1
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358
URL https://demo.guru99.com/telecom/assets/js/jquery.min.js
Method GET
Parameter
Attack
Evidence /*! jQuery v1.11.3
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358
URL https://demo.guru99.com/test/accountingjs/jquery-ui.min.js
Method GET
Parameter
Attack
Evidence /*! jQuery UI - v1.10.2
Other Info CVE-2021-41184 CVE-2021-41183 CVE-2021-41182 CVE-2022-31160
URL https://demo.guru99.com/test/guru99home/js/jquery.min.js
Method GET
Parameter
Attack
Evidence /*! jQuery v1.12.4
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358
URL https://demo.guru99.com/test/image_upload/scripts/jquery.min.js
Method GET
Parameter
Attack
Evidence * jQuery JavaScript Library v1.6
Other Info CVE-2011-4969 CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 CVE-2020-7656 CVE-2012-6708
URL https://demo.guru99.com/test/js/bootstrap.min.js
Method GET
Parameter
Attack
Evidence * Bootstrap v3.3.7
Other Info CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735
URL https://demo.guru99.com/test/js/jquery.js
Method GET
Parameter
Attack
Evidence /*! jQuery v1.11.1
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358
URL https://demo.guru99.com/test/js/jquery.min.js
Method GET
Parameter
Attack
Evidence /*! jQuery v1.12.4
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358
URL https://demo.guru99.com/test/js/jquery.tools.min.js
Method GET
Parameter
Attack
Evidence ,jquery:"1.6.4"
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 CVE-2020-7656 CVE-2012-6708
URL https://demo.guru99.com/V1/JavaScript/bootstrap.min.js
Method GET
Parameter
Attack
Evidence * Bootstrap v3.3.7
Other Info CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735
URL https://demo.guru99.com/V1/JavaScript/jquery.js
Method GET
Parameter
Attack
Evidence /*! jQuery v1.11.1
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358
URL https://demo.guru99.com/V4/JavaScript/bootstrap.min.js
Method GET
Parameter
Attack
Evidence * Bootstrap v3.3.7
Other Info CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735
URL https://demo.guru99.com/V4/JavaScript/jquery.js
Method GET
Parameter
Attack
Evidence /*! jQuery v1.11.1
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358
Instances 26
Solution
Please upgrade to the latest version of bootstrap.
Reference https://github.com/twbs/bootstrap/issues/28236
https://github.com/advisories/GHSA-pj7m-g53m-7638
https://github.com/twbs/bootstrap/issues/20184
https://github.com/advisories/GHSA-ph58-4vrj-w6hr
https://github.com/twbs/bootstrap/issues/20631
https://github.com/advisories/GHSA-4p24-vmcr-4gqj
https://github.com/advisories/GHSA-9v3m-8fp8-mj99
https://nvd.nist.gov/vuln/detail/CVE-2018-20676
CWE Id 829
WASC Id
Plugin Id 10003
Low
Application Error Disclosure
Description
This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.
URL https://public-firing-range.appspot.com/dom/eventtriggering
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/escape/js
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/escape/serverside
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/contentsniffing
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_quoted
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_singlequoted
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_unquoted
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets/attribute_unquoted
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets/body
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseInsensitive
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseSensitive
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body/500?q=a
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/url
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reflected/url/a
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery
Method GET
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
URL http://localhost:8090/bodgeit/advanced.jsp
Method POST
Parameter
Attack
Evidence HTTP/1.1 500 Internal Server Error
Other Info
Instances 32
Solution
Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.
Reference
CWE Id 200
WASC Id 13
Plugin Id 90022
Low
Big Redirect Detected (Potential Sensitive Information Leak)
Description
The server has responded with a redirect that seems to provide a large response. This may indicate that although the server sent a redirect it also responded with body content (which may include sensitive details, PII, etc.).
URL https://demo.guru99.com/index.php
Method POST
Parameter
Attack
Evidence
Other Info Location header URI length: 52 [access.php?uid=mngr564973 & pass=seqerer & email=ZAP]. Predicted response size: 352. Response Body Length: 13,205.
URL https://demo.guru99.com/insurance/v1/index.php
Method POST
Parameter
Attack
Evidence
Other Info Location header URI length: 10 [header.php]. Predicted response size: 310. Response Body Length: 12,252.
URL https://demo.guru99.com/insurance/v1/register.php
Method POST
Parameter
Attack
Evidence
Other Info Location header URI length: 9 [index.php]. Predicted response size: 309. Response Body Length: 23,348.
URL https://demo.guru99.com/payment-gateway/process_card.php
Method POST
Parameter
Attack
Evidence
Other Info Location header URI length: 31 [genearte_orderid.php?uid=128685]. Predicted response size: 331. Response Body Length: 12,884.
URL https://demo.guru99.com/payment-gateway/process_card.php
Method POST
Parameter
Attack
Evidence
Other Info Location header URI length: 31 [genearte_orderid.php?uid=334721]. Predicted response size: 331. Response Body Length: 12,884.
URL https://demo.guru99.com/payment-gateway/process_card.php
Method POST
Parameter
Attack
Evidence
Other Info Location header URI length: 31 [genearte_orderid.php?uid=574612]. Predicted response size: 331. Response Body Length: 12,884.
URL https://demo.guru99.com/payment-gateway/process_card.php
Method POST
Parameter
Attack
Evidence
Other Info Location header URI length: 31 [genearte_orderid.php?uid=600497]. Predicted response size: 331. Response Body Length: 12,884.
URL https://demo.guru99.com/payment-gateway/process_card.php
Method POST
Parameter
Attack
Evidence
Other Info Location header URI length: 31 [genearte_orderid.php?uid=646509]. Predicted response size: 331. Response Body Length: 12,884.
URL https://demo.guru99.com/payment-gateway/process_card.php
Method POST
Parameter
Attack
Evidence
Other Info Location header URI length: 31 [genearte_orderid.php?uid=677239]. Predicted response size: 331. Response Body Length: 12,884.
Instances 9
Solution
Ensure that no sensitive information is leaked via redirect responses. Redirect responses should have almost no content.
Reference
CWE Id 201
WASC Id 13
Plugin Id 10044
Low
CSP: Notices
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including (but not limited to) Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page. Covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL https://public-firing-range.appspot.com/clickjacking/clickjacking_csp_no_frame_ancestors
Method GET
Parameter Content-Security-Policy
Attack
Evidence object-src 'none'; script-src 'strict-dynamic' 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' https: http:; base-uri 'none'; https://www.google.com; report-uri https://csp.withgoogle.com/csp/inquisition/inquisitor
Other Info Errors: Directive name https://www.google.com contains characters outside the range ALPHA / DIGIT / "-" Warnings: The report-uri directive has been deprecated in favor of the new report-to directive
Instances 1
Solution
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy
https://content-security-policy.com/
https://github.com/HtmlUnit/htmlunit-csp
https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id 693
WASC Id 15
Plugin Id 10055
Low
Cookie No HttpOnly Flag
Description
A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.
URL http://localhost:8090/bodgeit/basket.jsp
Method GET
Parameter b_id
Attack
Evidence Set-Cookie: b_id
Other Info
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter PHPSESSID
Attack
Evidence Set-Cookie: PHPSESSID
Other Info
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter b_id
Attack
Evidence Set-Cookie: b_id
Other Info
Instances 3
Solution
Ensure that the HttpOnly flag is set for all cookies.
Reference https://owasp.org/www-community/HttpOnly
CWE Id 1004
WASC Id 13
Plugin Id 10010
Low
Cookie Without Secure Flag
Description
A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter PHPSESSID
Attack
Evidence Set-Cookie: PHPSESSID
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/leakedcookie
Method GET
Parameter my_secret_cookie
Attack
Evidence Set-Cookie: my_secret_cookie
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/leakedinresource
Method GET
Parameter my_secret_cookie
Attack
Evidence Set-Cookie: my_secret_cookie
Other Info
Instances 3
Solution
Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.
Reference https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html
CWE Id 614
WASC Id 13
Plugin Id 10011
Low
Cookie without SameSite Attribute
Description
A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks.
URL http://localhost:8090/bodgeit/basket.jsp
Method GET
Parameter b_id
Attack
Evidence Set-Cookie: b_id
Other Info
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence Set-Cookie: JSESSIONID
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=1
Method GET
Parameter JSESSIONID
Attack
Evidence Set-Cookie: JSESSIONID
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=2
Method GET
Parameter JSESSIONID
Attack
Evidence Set-Cookie: JSESSIONID
Other Info
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter PHPSESSID
Attack
Evidence Set-Cookie: PHPSESSID
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/leakedcookie
Method GET
Parameter my_secret_cookie
Attack
Evidence Set-Cookie: my_secret_cookie
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/leakedinresource
Method GET
Parameter my_secret_cookie
Attack
Evidence Set-Cookie: my_secret_cookie
Other Info
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter b_id
Attack
Evidence Set-Cookie: b_id
Other Info
Instances 8
Solution
Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
Reference https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site
CWE Id 1275
WASC Id 13
Plugin Id 10054
Low
Cross-Domain JavaScript Source File Inclusion
Description
The page includes one or more script files from a third-party domain.
URL https://demo.guru99.com/
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/insurance/v1/index.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/insurance/v1/index.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/insurance/v1/index.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/insurance/v1/index.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/insurance/v1/register.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/insurance/v1/register.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/insurance/v1/register.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/insurance/v1/register.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/payment-gateway/cardnumber.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/cardnumber.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/payment-gateway/cardnumber.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/cardnumber.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/payment-gateway/index.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/index.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/payment-gateway/index.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/index.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/payment-gateway/purchasetoy.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/purchasetoy.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/payment-gateway/purchasetoy.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/purchasetoy.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/selenium/facebook.html
Method GET
Parameter https://web.archive.org/web/20130925210322js_/https://static.xx.fbcdn.net/rsrc.php/v2/yH/r/DGxMdM_Gueq.js
Attack
Evidence <script src="https://web.archive.org/web/20130925210322js_/https://static.xx.fbcdn.net/rsrc.php/v2/yH/r/DGxMdM_Gueq.js" crossorigin="anonymous"></script>
Other Info
URL https://demo.guru99.com/seo/page-1.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/seo/page-1.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/seo/page-1.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/seo/page-1.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/seo/page-2.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/seo/page-2.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/seo/page-2.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/seo/page-2.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/seo/page-3.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/seo/page-3.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/seo/page-3.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/seo/page-3.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/seo/page-4.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/seo/page-4.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/seo/page-4.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/seo/page-4.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/seo/page-5.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/seo/page-5.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/seo/page-5.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/seo/page-5.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/seo/page-6.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/seo/page-6.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/seo/page-6.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/seo/page-6.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=063675
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=063675
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=063675
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=063675
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=069466
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=069466
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=069466
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=069466
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=936997
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=936997
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=936997
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=936997
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/telecom/addcustomer.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/telecom/addcustomer.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/telecom/addcustomer.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/telecom/addcustomer.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/telecom/index.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/telecom/index.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/telecom/index.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/telecom/index.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/ajax.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/ajax.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/ajax.html
Method GET
Parameter https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
Attack
Evidence <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
Other Info
URL https://demo.guru99.com/test/ajax.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/ajax.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/ajax.html?name=ZAP
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/ajax.html?name=ZAP
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/ajax.html?name=ZAP
Method GET
Parameter https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
Attack
Evidence <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
Other Info
URL https://demo.guru99.com/test/ajax.html?name=ZAP
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/ajax.html?name=ZAP
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter //pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Attack
Evidence <script async src=//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js></script>
Other Info
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter https://cdn.jotfor.ms/js/vendor/imageinfo.js?v=3.3.11170
Attack
Evidence <script src="https://cdn.jotfor.ms/js/vendor/imageinfo.js?v=3.3.11170" type="text/javascript"></script>
Other Info
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter https://cdn.jotfor.ms/static/jotform.forms.js?3.3.11170
Attack
Evidence <script src="https://cdn.jotfor.ms/static/jotform.forms.js?3.3.11170" type="text/javascript"></script>
Other Info
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter https://cdn.jotfor.ms/static/prototype.forms.js
Attack
Evidence <script src="https://cdn.jotfor.ms/static/prototype.forms.js" type="text/javascript"></script>
Other Info
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/block.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/block.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/block.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/block.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/cookie/selenium_aut.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/cookie/selenium_aut.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/cookie/selenium_aut.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/cookie/selenium_aut.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/drag_drop.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/drag_drop.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/drag_drop.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/drag_drop.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/facebook.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/facebook.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/facebook.html
Method GET
Parameter https://web.archive.org/web/20130925210322js_/https://static.xx.fbcdn.net/rsrc.php/v2/yH/r/DGxMdM_Gueq.js
Attack
Evidence <script src="https://web.archive.org/web/20130925210322js_/https://static.xx.fbcdn.net/rsrc.php/v2/yH/r/DGxMdM_Gueq.js" crossorigin="anonymous"></script>
Other Info
URL https://demo.guru99.com/test/facebook.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/facebook.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/guru99home/
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/guru99home/
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/guru99home/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/guru99home/
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/guru99home/scrolling.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/guru99home/scrolling.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/guru99home/scrolling.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/guru99home/scrolling.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/image_upload/
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/image_upload/
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/image_upload/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/image_upload/
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/link.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/link.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/link.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/link.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/login.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/login.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/login.html
Method GET
Parameter https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js
Attack
Evidence <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
Other Info
URL https://demo.guru99.com/test/login.html
Method GET
Parameter https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js
Attack
Evidence <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
Other Info
URL https://demo.guru99.com/test/login.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/login.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/newtours/index.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/newtours/index.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/newtours/index.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/newtours/index.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/newtours/login.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/newtours/login.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/newtours/login.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/newtours/login.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/newtours/reservation.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/newtours/reservation.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/newtours/reservation.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/newtours/reservation.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/newtours/support.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/newtours/support.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/newtours/support.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/newtours/support.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/radio.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/radio.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/radio.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/radio.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.1.2
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.1.2'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.te.min.js?ver=2.7.1
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.te.min.js?ver=2.7.1'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/plugins/go_pricing/assets/js/go_pricing_scripts.js?ver=2.4.3
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/go_pricing/assets/js/go_pricing_scripts.js?ver=2.4.3'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/plugins/LayerSlider/static/js/greensock.js?ver=1.11.2
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/LayerSlider/static/js/greensock.js?ver=1.11.2'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/plugins/LayerSlider/static/js/layerslider.kreaturamedia.jquery.js?ver=5.2.0
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/LayerSlider/static/js/layerslider.kreaturamedia.jquery.js?ver=5.2.0'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/plugins/LayerSlider/static/js/layerslider.transitions.js?ver=5.2.0
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/LayerSlider/static/js/layerslider.transitions.js?ver=5.2.0'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?rev=4.6.0&ver=4.8
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?rev=4.6.0&#038;ver=4.8'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.tools.min.js?rev=4.6.0&ver=4.8
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.tools.min.js?rev=4.6.0&#038;ver=4.8'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/themes/dt-the7/js/desktop-tablet.min.js?ver=4.4.4
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/desktop-tablet.min.js?ver=4.4.4'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/themes/dt-the7/js/desktop.min.js?ver=4.4.4
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/desktop.min.js?ver=4.4.4'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/themes/dt-the7/js/dt-contact-form.js?ver=4.8
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/dt-contact-form.js?ver=4.8'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/themes/dt-the7/js/main.min.js?ver=4.4.4
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/main.min.js?ver=4.4.4'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/themes/dt-the7/js/modernizr.js?ver=4.4.4
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/modernizr.js?ver=4.4.4'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/themes/dt-the7/js/plugins.min.js?ver=4.4.4
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/plugins.min.js?ver=4.4.4'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/themes/dt-the7/js/plugins/validator/jquery.validationEngine.js?ver=2.6.1
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/plugins/validator/jquery.validationEngine.js?ver=2.6.1'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/themes/dt-the7/js/plugins/validator/languages/jquery.validationEngine-en.js?ver=2.6.1
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/plugins/validator/languages/jquery.validationEngine-en.js?ver=2.6.1'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/themes/dt-the7/js/svg-icons.min.js?ver=4.4.4
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/svg-icons.min.js?ver=4.4.4'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/themes/dt-the7/royalslider/jquery.royalslider.js?ver=4.4.4
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/royalslider/jquery.royalslider.js?ver=4.4.4'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-content/themes/dt-the7/wpbakery/js_composer/assets/js/js_composer_front.js?ver=4.3.4
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/wpbakery/js_composer/assets/js/js_composer_front.js?ver=4.3.4'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-includes/js/jquery/jquery.js?ver=1.12.4'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=2.22.0
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=2.22.0'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=4.8
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=4.8'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-includes/js/quicktags.min.js?ver=4.8
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-includes/js/quicktags.min.js?ver=4.8'></script>
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter https://www.seleniumframework.com/wp-includes/js/wp-embed.min.js?ver=4.8
Attack
Evidence <script type='text/javascript' src='https://www.seleniumframework.com/wp-includes/js/wp-embed.min.js?ver=4.8'></script>
Other Info
URL https://demo.guru99.com/test/table.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/table.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/table.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/table.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/tooltip.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/tooltip.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/tooltip.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/tooltip.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/upload/
Method GET
Parameter //cdn.guru99.com/media/jui/js/jquery.min.js
Attack
Evidence <script src=//cdn.guru99.com/media/jui/js/jquery.min.js></script>
Other Info
URL https://demo.guru99.com/test/upload/
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/upload/
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/upload/
Method GET
Parameter https://code.jquery.com/jquery-1.10.2.js
Attack
Evidence <script src="https://code.jquery.com/jquery-1.10.2.js"></script>
Other Info
URL https://demo.guru99.com/test/upload/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/upload/
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/yahoo.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/yahoo.html
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/yahoo.html
Method GET
Parameter https://web.archive.org/web/20130603222603js_/http://l.yimg.com/a/lib/msg/js/aurora/beta-all-yui-201107181400.js
Attack
Evidence <script type="text/javascript" src="https://web.archive.org/web/20130603222603js_/http://l.yimg.com/a/lib/msg/js/aurora/beta-all-yui-201107181400.js"></script>
Other Info
URL https://demo.guru99.com/test/yahoo.html
Method GET
Parameter https://web.archive.org/web/20130603222603js_/http://l.yimg.com/a/lib/msg/js/aurora_080603.js
Attack
Evidence <script type="text/javascript" src="https://web.archive.org/web/20130603222603js_/http://l.yimg.com/a/lib/msg/js/aurora_080603.js"></script>
Other Info
URL https://demo.guru99.com/test/yahoo.html
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/yahoo.html
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/V1/index.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/V1/index.php
Method GET
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/V1/index.php
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/V1/index.php
Method GET
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.1.5?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.1.5/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.1.5/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.0?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.2.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.18?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.2.18/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.18/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.19?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.2.19/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.19/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.24?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.2.24/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.24/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.4.0?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.6.0?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_alt_symbols/1.4.0?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_alt_symbols_raw/1.6.0?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_ng/1.4.0?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng/1.4.0?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw/1.4.0?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw/1.4.0?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_escaped/1.4.0?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_escaped_alt_symbols/1.4.0?q=test
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_cookie_parse/1.6.0
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_form_parse/1.6.0
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_post_message_parse/1.6.0
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_storage_parse/1.6.0
Method GET
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_script?q=a
Method GET
Parameter http://irrelevant.google.com?a
Attack
Evidence <script src="http://irrelevant.google.com?a"/>
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_script?q=a
Method GET
Parameter http://irrelevant.google.com?a
Attack
Evidence <script src="http://irrelevant.google.com?a"/>
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity.html
Method GET
Parameter //nonexistent.google
Attack
Evidence <script src="//nonexistent.google"></script>
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_script?q=a
Method GET
Parameter http://irrelevant.google.com/a
Attack
Evidence <script src="http://irrelevant.google.com/a"/>
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js
Method GET
Parameter http://127.0.0.2/localhost_import.js
Attack
Evidence <script src="http://127.0.0.2/localhost_import.js"></script>
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js
Method GET
Parameter http://192.168.1.2/private_network_import.js
Attack
Evidence <script src="http://192.168.1.2/private_network_import.js"></script>
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js
Method GET
Parameter http://g00gle.com/typosquatting_domain.js
Attack
Evidence <script src="http://g00gle.com/typosquatting_domain.js"></script>
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=https://google.com
Method GET
Parameter https://google.com
Attack
Evidence <script src="https://google.com"></script>
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries/jquery.html
Method GET
Parameter https://code.jquery.com/jquery-1.8.1.js
Attack
Evidence <script src="https://code.jquery.com/jquery-1.8.1.js"></script>
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/index.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/index.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/index.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/index.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/insurance/v1/index.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/insurance/v1/index.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/insurance/v1/index.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/insurance/v1/index.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/insurance/v1/register.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/insurance/v1/register.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/insurance/v1/register.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/insurance/v1/register.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/insurance/v1/retrieve_quotation.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/insurance/v1/retrieve_quotation.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/insurance/v1/retrieve_quotation.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/insurance/v1/retrieve_quotation.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/payment-gateway/process_card.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/process_card.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/payment-gateway/process_card.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/process_card.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/cookie/selenium_cookie.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/cookie/selenium_cookie.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/cookie/selenium_cookie.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/cookie/selenium_cookie.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/test/success.html
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/test/success.html
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/test/success.html
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/test/success.html
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script>
Other Info
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js
Attack
Evidence <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script>
Other Info
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter https://www.googletagmanager.com/gtag/js?id=UA-1248015-24
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script>
Other Info
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter https://www.googletagservices.com/tag/js/gpt.js
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0
Method POST
Parameter //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info
Instances 402
Solution
Ensure JavaScript source files are loaded only from trusted sources, and that those sources can't be controlled by end users of the application.
Reference
CWE Id 829
WASC Id 15
Plugin Id 10017
Low
Information Disclosure - Debug Error Messages
Description
The response appeared to contain common error messages returned by platforms such as ASP.NET, and web servers such as IIS and Apache. You can configure the list of common debug messages.
URL https://demo.guru99.com/test/newtours/support.php
Method GET
Parameter
Attack
Evidence Under Construction
Other Info
URL http://localhost:8090/bodgeit/advanced.jsp
Method POST
Parameter
Attack
Evidence Internal Server Error
Other Info
Instances 2
Solution
Disable debugging messages before pushing to production.
Reference
CWE Id 200
WASC Id 13
Plugin Id 10023
Low
Private IP Disclosure
Description
A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.
URL https://public-firing-range.appspot.com/badscriptimport
Method GET
Parameter
Attack
Evidence 192.168.1.2
Other Info 192.168.1.2 192.168.1.2
URL https://public-firing-range.appspot.com/badscriptimport/index.html
Method GET
Parameter
Attack
Evidence 192.168.1.2
Other Info 192.168.1.2 192.168.1.2
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js
Method GET
Parameter
Attack
Evidence 192.168.1.2
Other Info 192.168.1.2
Instances 3
Solution
Remove the private IP address from the HTTP response body. For comments, use JSP/ASP/PHP comments instead of HTML/JavaScript comments, which can be seen by client browsers.
Reference https://tools.ietf.org/html/rfc1918
CWE Id 200
WASC Id 13
Plugin Id 2
Low
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
Description
The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
URL https://demo.guru99.com/test/birthdate.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/7.2.34
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/7.2.34
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/7.2.34
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/7.2.34
Other Info
Instances 4
Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.
Reference https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework
https://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html
CWE Id 200
WASC Id 13
Plugin Id 10037
Low
Server Leaks Version Information via "Server" HTTP Response Header Field
Description
The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.
URL http://localhost:8090/bodgeit
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/about.jsp
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/admin.jsp
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/advanced.jsp
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/basket.jsp
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/contact.jsp
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/home.jsp
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/images/129.png
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/images/130.png
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/images/151.png
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/images/152.png
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/images/154.png
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/js/util.js
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=1
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=10
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=11
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=12
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=13
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=14
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=15
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=16
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=17
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=18
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=19
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=2
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=20
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=21
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=22
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=23
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=24
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=25
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=26
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=27
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=28
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=29
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=3
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=30
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=31
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=32
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=4
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=5
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=6
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=7
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=8
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?prodid=9
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=1
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=2
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=3
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=4
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=5
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=6
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/product.jsp?typeid=7
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/register.jsp
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/score.jsp
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/search.jsp
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/search.jsp?q=ZAP
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/style.css
Method GET
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/advanced.jsp
Method POST
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/contact.jsp
Method POST
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
URL http://localhost:8090/bodgeit/register.jsp
Method POST
Parameter
Attack
Evidence Apache-Coyote/1.1
Other Info
Instances 64
Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.
Reference https://httpd.apache.org/docs/current/mod/core.html#servertokens
https://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)
https://www.troyhunt.com/shhh-dont-let-your-response-headers/
CWE Id 200
WASC Id 13
Plugin Id 10036
Low
Strict-Transport-Security Header Not Set
Description
HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.
URL https://demo.guru99.com/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/abap-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/accounting.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/adsfooter.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/agile-testing-course.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/customer/css/style.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/customer/JavaScript/test.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/customer/scripts/commonstyle.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/css/bootstrap.min.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/css/custom.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/css/home-bar.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/css/main.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/css/slider-cars.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/images/1.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/images/2.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/images/3.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/js/bootstrap.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/js/home-bar.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/js/jquery.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/js/slider-cars.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/js/treemenu.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/scripts/basic_functions.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/scripts/validate_login.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/angularjs-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/apache-nifi-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/apache.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/artificial-intelligence-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/asp-net-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/aws-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/best-hard-disks.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/bigdata-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/blockchain-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/blog/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/bugzilla-tutorial-for-beginners.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/business-analyst-tutorial-course.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/c-programming-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/c-sharp-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/c-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/cassandra-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/classes/calendar
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/cloud-computing-for-beginners.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/co-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/codeigniter-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/compiler-design-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/cpp-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/crystal-reports-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/css/bd.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/css/style.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/cucumber-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/data-science-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/data-testing.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/data-warehousing-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/dbms-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/devops-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/ethical-hacking-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/excel-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/free-digital-marketing-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/free-sap-sd-training-course.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/google-go-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/hbase-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/hive-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/hp-alm-free-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/images/java-logo.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/images/live-project-logo.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/images/logo/favicon.ico
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/images/logo/favicon1.ico
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/images/selenium-logo.jpg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/images/spacer.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/images/testing-logo-1.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/img/favicon.ico?1461205423
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/informatica-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/css/bootstrap.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/css/bootstrap.min.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/css/custom.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/css/home-bar.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/css/jquery-ui.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/css/main.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/css/slider-cars.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/css/style.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/favicon.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/index.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/javascript/bootstrap.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/javascript/home-bar.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/javascript/jquery.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/javascript/jquery.timeago.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/javascript/scripts.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/javascript/slider-cars.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/javascript/treemenu.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/register.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/interactive-javascript-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/introduction-ccna.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/java-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/JavaScript/test.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/jenkins-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/jira-tutorial-a-complete-guide-for-beginners.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/jmeter-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/jsp-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/junit-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/keras-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/learn-sap-testing-create-your-first-sap-test-case.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-agile-testing-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-ecommerce-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-insurance-testing-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-interactive-exercise-hp-alm.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-java-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-mobile-testing-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-payment-gateway-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-penetration-testing-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-php-project-learn-complete-web-development-cycle.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-projects.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-selenium-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-telecom-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-testing-project.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/live-uft-testing.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/loadrunner-v12-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/logo.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/mantis-bug-tracker-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/mariadb-tutorial-install.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/assets/js/html5shiv-printshiv.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/assets/js/html5shiv-printshiv.min.js?59966af6
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/assets/js/main.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/assets/js/main.js?59966af6
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/assets/js/matchmedia.polyfill.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/assets/js/matchmedia.polyfill.js?59966af6
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/engines/nucleus/css/nucleus-ie9.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/media/gantry5/engines/nucleus/css/nucleus-ie9.css?59966afb
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/mis-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/mobile-testing.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/mongodb-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/ms-access-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/ms-sql-server-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/mysql-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/nltk-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/node-js-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/numpy-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/operating-system-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/overview-of-sap-apo.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/overview-of-sap-security.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/overview-of-sap-solution-manager.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/css/bootstrap.min.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/css/custom.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/css/home-bar.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/css/main.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/css/main_v1.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/css/slider-cars.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/js/bootstrap.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/js/home-bar.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/js/jquery.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/js/jquery.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/js/main.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/js/skel.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/js/slider-cars.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/js/treemenu.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/assets/js/util.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/cardnumber.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/images/american.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/images/card/temp-32.jpg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/images/card/temp-88.jpg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/images/discover.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/images/mastercard.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/images/Toy.jpg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/images/visa.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/index.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/purchasetoy.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/perl-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/photoshop-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/php-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/pl-sql-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/pmp-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/postgresql-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/postman-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/practitest-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/project-management-methodology.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/python-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/pytorch-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/qtest-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/quick-test-professional-qtp-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/r-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/release-notes
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/robotic-process-automation-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/robots.txt
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/ruby-on-rails-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-basis-training-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-bi.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-bods-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-bpc.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-crm-training.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-fico-training-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-hana-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-hcm.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-mm-training-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-payroll.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-pi-process-integration-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-pp-tutorials.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-quality-management-qm-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sap-training-hub.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sapui5-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/scripts/basic_functions.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/scripts/commonstyle.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/scripts/validate_login.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/images/1.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/images/2.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/images/3.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/scripts/basic_functions.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/scripts/validate_login.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/customer/css/bootstrap.min.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/customer/css/custom.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/customer/css/home-bar.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/customer/css/main.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/customer/css/slider-cars.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/customer/css/style.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/bootstrap.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/home-bar.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/jquery.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/slider-cars.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/test.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/treemenu.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/customer/scripts/commonstyle.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/selenium-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/selenium/facebook.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/css/e3c438a3d36360ba4dc5a169e3a1e376_0.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/images/041318_0534_WhatisFullf1.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/images/041318_0552_WhatisSAPBu1.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/images/051818_1048_SoftwareCon1.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/images/051818_1048_SoftwareCon2.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/js/b40b8f484a50c7147e39e067a6f3d6ef_0.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/js/jquery.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/logo_v1.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-1.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-2.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-3.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-4.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-5.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/page-6.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/seo/test-coverage-in-software-testing.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sitemap.xml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/soapui-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/software-engineering-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/software-testing.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sql.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/sqlite-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/tableau-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/talend-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=063675
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=069466
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=936997
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/addcustomer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/css/bootstrap.min.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/css/custom.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/css/home-bar.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/css/main.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/css/main1.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/css/slider-cars.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/js/bootstrap.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/js/home-bar.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/js/jquery.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/js/jquery.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/js/jquery.scrolly.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/js/main.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/js/skel.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/js/slider-cars.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/js/tariffplan.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/js/test.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/js/treemenu.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/js/util.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assets/js/w3.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/images/pic01.jpg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/tensorflow-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test-management.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/accountingjs/AccountCSS.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/accountingjs/af3cfffb95196d4da1e9e744fbfc7875.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/accountingjs/jquery-ui.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/accountingjs/lesson6.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/ajax.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/ajax.html?name=ZAP
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/block.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/cookie/bootstrap.min.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/cookie/selenium_aut.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/css/377f23bd2c7ce689ba2b940f21d082ca.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/css/bd.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/css/bootstrap.min.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/css/custom.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/css/home-bar.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/css/main.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/css/slider-cars.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/css/style.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/drag_drop.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/facebook.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/false
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/flips2.swf
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/ads.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/css/font-awesome.min.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/css/homepage.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/favicon.ico
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/images/app_google_play(1).png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/images/logo_1.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/images/logo_funlearn.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/images/logo_respnsivsite.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/Jmeter720.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/js/jquery.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/play.google.com/store/apps/details?hl=en&id=com.vector.guru99
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/guru99home/scrolling.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/high
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/image_upload/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/image_upload/loader.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/image_upload/scripts/jquery.form.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/image_upload/scripts/jquery.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/img/eye.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/img/tooltips.jpg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/js/bootstrap.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/js/home-bar.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/js/jquery.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/js/jquery.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/js/jquery.tools.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/js/slider-cars.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/js/treemenu.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/js/w3.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/link.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/login.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/main.min.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/msgr11us.exe
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/black
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/fromDay
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/fromMonth
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/banner2.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/boxad1.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/continue.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/featured_destination.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/hdr_destinations.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/hdr_findflight.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/hdr_links.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/hdr_register.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/hdr_right.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/hdr_specials.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/hdr_tips.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/hdr_vacation.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/home.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/html.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/icn_destinations.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/icn_register.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/icn_vacations.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/logo.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/mast_construction.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/mast_flightfinder.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/mast_register.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/mast_signon.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/spacer.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/submit.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/images/tip93.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/index.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/reservation.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/Select%20Arrivale%20Date
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/Select%20Departure%20Date
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/support.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/toDay
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/toMonth
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/radio.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/scrolling.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/table.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/tooltip.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/upload/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/upload/css/banner-styles.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/upload/css/style.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/upload/images/spinner.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/upload/register.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/upload/rules.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/yahoo.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/testlink-tutorial-complete-guide.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/tools/tooltip/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/uml-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/unix-linux-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/utlimate-guide-etl-datawarehouse-testing.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/css/bootstrap.min.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/css/custom.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/css/home-bar.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/css/main.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/css/slider-cars.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/css/style.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/index.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/JavaScript/bootstrap.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/JavaScript/home-bar.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/JavaScript/jquery.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/JavaScript/slider-cars.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/JavaScript/test.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/JavaScript/treemenu.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V4/css/bootstrap.min.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V4/css/custom.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V4/css/home-bar.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V4/css/main.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V4/css/slider-cars.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V4/JavaScript/bootstrap.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V4/JavaScript/home-bar.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V4/JavaScript/jquery.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V4/JavaScript/slider-cars.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V4/JavaScript/treemenu.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/vb-net-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/vba-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/vbscript-tutorials-for-beginners.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web-services-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/bootstrap.min.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/custom.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/home-bar.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/main.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/slider-cars.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20141011154238im_/http:/www.megafileupload.com/skin/custom/images/add.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20141011154238im_/http:/www.megafileupload.com/skin/custom/images/delete.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/what-is-sap.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/wpf-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/zephyr-agile-jira.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/zephyr-enterprise.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/zookeeper-tutorial.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/*
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/baseURI
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/baseURI/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/documentURI
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/documentURI/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/assign
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/documentwriteln
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/formaction
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/function
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/inlineevent
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/jshref
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/onclickAddEventListener
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/onclickSetAttribute
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/rangeCreateContextualFragment
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/replace
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location.hash/setTimeout
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/assign
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/documentwriteln
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/rangeCreateContextualFragment
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/replace
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/location/setTimeout
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/locationhref
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/locationhref/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/locationpathname
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/locationpathname/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/locationsearch
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/locationsearch/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/URL
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/URL/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/URLUnencoded
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/address/URLUnencoded/documentwrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.1.5?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.18?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.19?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.24?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body/1.6.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_alt_symbols
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_alt_symbols/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_alt_symbols_raw
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_alt_symbols_raw/1.6.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_ng
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_ng/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_escaped
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_escaped/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_escaped_alt_symbols
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_escaped_alt_symbols/1.4.0?q=test
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_cookie_parse
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_cookie_parse/1.6.0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_form_parse
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_form_parse/1.6.0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_post_message_parse
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_post_message_parse/1.6.0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_storage_parse
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_storage_parse/1.6.0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/badscriptimport
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/badscriptimport/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/clickjacking
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/clickjacking/clickjacking_csp_no_frame_ancestors
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/clickjacking/clickjacking_xfo_allowall
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/clickjacking/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowInsecureScheme
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowNullOrigin
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginEndsWith
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginProtocolDowngrade
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginRegexDot
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginStartsWith
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/alloworigin/dynamicAllowOrigin
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/cors/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/div
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/dompropagation
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/dompropagation/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/javascripturi.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/array
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/array/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/property
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/property/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/array
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/array/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/property
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/property/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/complexMessageDocumentWriteEval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithPartialStringComparison
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithRegExp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/window
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/array
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/array/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/function
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/function/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/function/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/function/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/property
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/property/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/array
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/array/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/function
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/function/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/function/eval
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/function/innerHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/property
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/property/documentWrite
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/js/encodeURIComponent?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/js/escape?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/js/html_escape?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_name?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_quoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_script?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_singlequoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_unquoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/body?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/body_comment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_import?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style_font_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/head?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/href?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_assignment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_comment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_eval?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_quoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_singlequoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_slashquoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/tagname?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/textarea?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_name?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_quoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_script?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_singlequoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_unquoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/body?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/body_comment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_import?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style_font_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style_value?escape=HTML_ESCAPE&q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/head?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/href?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_assignment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_comment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_eval?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_quoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_singlequoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_slashquoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/tagname?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/textarea?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/flashinjection
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/flashinjection/callbackIsEchoedBack?callback=func
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/flashinjection/callbackParameterDoesNothing?callback=func
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/flashinjection/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity_dynamically_added.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/jsonp?callback=%25q
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/jsonp?callback=callbackFunc&other=%25q
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/leakedcookie
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/leakedcookie
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/leakedcookie.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/leakedinresource
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/mixedcontent
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/mixedcontent/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/pression
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/redirect
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/redirect/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/redirect/meta?q=/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/redirect/parameter
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/contentsniffing
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/contentsniffing/json?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/contentsniffing/plaintext?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_quoted
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_quoted/DOUBLE_QUOTED_ATTRIBUTE?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_singlequoted
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_singlequoted/SINGLE_QUOTED_ATTRIBUTE?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_unquoted
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_unquoted/UNQUOTED_ATTRIBUTE?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets/attribute_unquoted
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets/attribute_unquoted/DoubleQuoteSinglequote?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets/body
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredcharsets/body/SpaceDoubleQuoteSlashEquals?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseInsensitive
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseInsensitive/script?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseSensitive
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseSensitive/script?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/jsoncallback
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_name?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_quoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_script?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_singlequoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_unquoted?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body/400?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body/401?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body/403?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body/404?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body/500?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/body_comment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/css_style?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/css_style_font_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/css_style_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/form
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/head?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/iframe_attribute_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/iframe_srcdoc?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_assignment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_comment?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_eval?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_quoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_singlequoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/js_slashquoted_string?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/json?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/noscript?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/style_attribute_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/tagname?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/textarea?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/textarea_attribute_value?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/title?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/css_import?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/href?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/object_data?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/object_param?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/url/script_src?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/object_hash.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/object
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/object/application_x-shockwave-flash?q=https://google.com
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/object_raw?q=https://google.com
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=https://google.com
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/script_hash.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/jsonpendpoint?callback&q
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/jsonpendpoint?callback=callbackFunc&q
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/jsonpendpoint?callback=foo&q
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/jsonpendpoint?callback=urc_button.click&q
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO/?q=foo
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithXFO/?q=foo
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO/?q=%26callback%3Dfoo%23
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithXFO
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithXFO/?q=%26callback%3Dfoo%23
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback/?q=urc_button.click
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter/?q=%26callback%3Durc_button.click%23
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/robots.txt
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/script
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/sitemap.xml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_missing
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/expression?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/multiline?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag/a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag/a/href?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag/a/style?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag/body
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag/body/onload?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag/div
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag/div/style?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag/div?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag/iframe?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag/img?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag/meta?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag/script
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag/script/src?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag/style?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/tags/tag?q=a
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/jsonp?callback=foo
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/jsonp?callback=foobar
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/a.href
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/base.href
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/document.location
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/embed.src
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/fetch
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/form.action
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/iframe.src
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/input.formaction
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/link.href
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/object.data
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/param.code.value
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/param.movie.value
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/param.src.value
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/param.url.value
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.href
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_domain
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_path
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_query
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/window.open
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/hash/xhr.open
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/area.href?//example.org
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/button.formaction?//example.org
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/frame.src?//example.org
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/location.assign?//example.org
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/location/search/svg.a?//example.org
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/urldom/redirect?url=http://example.com
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries/index.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries/jquery.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries/x
Method GET
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/new_quotation.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/insurance/v1/retrieve_quotation.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/cookie/selenium_cookie.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/image_upload/ajaximage.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/success.html
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/test/upload/emaillinks.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://demo.guru99.com/web/20141011154238/http:/212.7.194.85/cgi-bin/upload.cgi?maxfilesize=206000000
Method POST
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0
Method POST
Parameter
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/reflected/parameter/form
Method POST
Parameter
Attack
Evidence
Other Info
Instances 911
Solution
Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.
Reference https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html
https://owasp.org/www-community/Security_Headers
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
https://caniuse.com/stricttransportsecurity
https://datatracker.ietf.org/doc/html/rfc6797
CWE Id 319
WASC Id 15
Plugin Id 10035
Low
Strict-Transport-Security Missing Max-Age (Non-compliant with Spec)
Description
An HTTP Strict Transport Security (HSTS) header was found, but it is missing the max-age directive (or the directive is missing a value). See RFC 6797 for further details.

HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_max_age_missing
Method GET
Parameter
Attack
Evidence includeSubDomains; preload
Other Info
Instances 1
Solution
Review the configuration of this control. Ensure that your web server, application server, load balancer, etc. is configured to set Strict-Transport-Security with an appropriate max-age value.
Reference https://datatracker.ietf.org/doc/html/rfc6797#section-6.2
CWE Id 319
WASC Id 15
Plugin Id 10035
Low
Timestamp Disclosure - Unix
Description
A Unix timestamp was disclosed by the application/web server.
URL https://demo.guru99.com/test/cookie/bootstrap.min.css
Method GET
Parameter
Attack
Evidence 1428571435
Other Info 1428571435, which evaluates to: 2015-04-09 10:23:55
URL https://demo.guru99.com/test/login.html
Method GET
Parameter
Attack
Evidence 1461205423
Other Info 1461205423, which evaluates to: 2016-04-21 03:23:43
Instances 2
Solution
Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.
Reference https://cwe.mitre.org/data/definitions/200.html
CWE Id 200
WASC Id 13
Plugin Id 10096
Low
X-Content-Type-Options Header Missing
Description
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
URL http://localhost:8090/bodgeit/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/about.jsp
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/admin.jsp
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/advanced.jsp
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/basket.jsp
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/contact.jsp
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/home.jsp
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/images/129.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/images/130.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/images/151.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/images/152.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/images/154.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/js/util.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=10
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=11
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=12
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=13
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=14
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=15
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=16
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=17
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=18
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=19
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=2
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=20
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=21
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=22
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=23
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=24
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=25
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=26
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=27
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=28
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=29
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=3
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=30
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=31
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=32
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=4
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=5
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=6
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=7
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=8
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?prodid=9
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?typeid=1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?typeid=2
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?typeid=3
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?typeid=4
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?typeid=5
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?typeid=6
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/product.jsp?typeid=7
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/register.jsp
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/score.jsp
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/search.jsp
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/search.jsp?q=ZAP
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/style.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://public-firing-range.appspot.com/mixedcontent/script.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/Agi_V1/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/Agi_V1/customer/css/style.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/Agi_V1/customer/JavaScript/test.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/css/bootstrap.min.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/css/custom.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/css/home-bar.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/css/main.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/css/slider-cars.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/js/bootstrap.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/js/home-bar.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/js/jquery.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/js/slider-cars.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/js/treemenu.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/css/style.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/images/java-logo.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/images/live-project-logo.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/images/selenium-logo.jpg
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/images/testing-logo-1.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/css/bootstrap.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/css/bootstrap.min.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/css/custom.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/css/home-bar.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/css/jquery-ui.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/css/main.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/css/slider-cars.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/css/style.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/favicon.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/index.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/javascript/bootstrap.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/javascript/home-bar.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/javascript/jquery.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/javascript/jquery.timeago.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/javascript/scripts.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/javascript/slider-cars.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/javascript/treemenu.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/register.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/JavaScript/test.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/logo.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/css/bootstrap.min.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/css/custom.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/css/home-bar.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/css/main.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/css/main_v1.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/css/slider-cars.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/js/bootstrap.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/js/home-bar.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/js/jquery.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/js/jquery.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/js/main.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/js/skel.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/js/slider-cars.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/js/treemenu.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/assets/js/util.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/cardnumber.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/images/american.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/images/card/temp-32.jpg
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/images/card/temp-88.jpg
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/images/discover.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/images/mastercard.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/images/Toy.jpg
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/images/visa.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/index.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/purchasetoy.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/robots.txt
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Security/SEC_V1/customer/css/bootstrap.min.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Security/SEC_V1/customer/css/custom.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Security/SEC_V1/customer/css/home-bar.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Security/SEC_V1/customer/css/main.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Security/SEC_V1/customer/css/slider-cars.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Security/SEC_V1/customer/css/style.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/bootstrap.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/home-bar.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/jquery.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/slider-cars.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/test.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/treemenu.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/selenium/facebook.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/seo/css/e3c438a3d36360ba4dc5a169e3a1e376_0.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/seo/images/041318_0534_WhatisFullf1.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/seo/images/041318_0552_WhatisSAPBu1.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/seo/images/051818_1048_SoftwareCon1.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/seo/images/051818_1048_SoftwareCon2.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/seo/js/b40b8f484a50c7147e39e067a6f3d6ef_0.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/seo/js/jquery.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/seo/logo_v1.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/seo/page-1.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/seo/page-2.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/seo/page-3.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/seo/page-4.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/seo/page-5.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/seo/page-6.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/access.php?uid=063675
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/access.php?uid=069466
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/access.php?uid=936997
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/addcustomer.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/addtariffplans.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/css/bootstrap.min.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/css/custom.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/css/home-bar.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/css/main.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/css/main1.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/css/slider-cars.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/js/bootstrap.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/js/home-bar.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/js/jquery.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/js/jquery.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/js/jquery.scrolly.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/js/main.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/js/skel.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/js/slider-cars.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/js/tariffplan.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/js/test.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/js/treemenu.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/js/util.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assets/js/w3.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/billing.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/images/pic01.jpg
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/accountingjs/AccountCSS.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/accountingjs/af3cfffb95196d4da1e9e744fbfc7875.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/accountingjs/jquery-ui.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/accountingjs/lesson6.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/ajax.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/ajax.html?name=ZAP
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/birthdate.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/block.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/cookie/bootstrap.min.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/cookie/selenium_aut.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/css/377f23bd2c7ce689ba2b940f21d082ca.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/css/bd.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/css/bootstrap.min.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/css/custom.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/css/home-bar.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/css/main.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/css/slider-cars.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/css/style.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/delete_customer.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/drag_drop.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/facebook.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/flash-testing.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/flips2.swf
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/guru99home/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/guru99home/ads.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/guru99home/css/font-awesome.min.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/guru99home/css/homepage.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/guru99home/favicon.ico
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/guru99home/images/app_google_play(1).png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/guru99home/images/logo_1.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/guru99home/images/logo_funlearn.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/guru99home/images/logo_respnsivsite.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/guru99home/Jmeter720.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/guru99home/js/jquery.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/guru99home/scrolling.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/image_upload/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/image_upload/loader.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/image_upload/scripts/jquery.form.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/image_upload/scripts/jquery.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/img/eye.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/img/tooltips.jpg
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/js/bootstrap.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/js/home-bar.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/js/jquery.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/js/jquery.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/js/jquery.tools.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/js/slider-cars.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/js/treemenu.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/js/w3.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/link.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/login.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/main.min.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/msgr11us.exe
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/banner2.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/boxad1.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/continue.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/featured_destination.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/hdr_destinations.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/hdr_findflight.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/hdr_links.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/hdr_register.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/hdr_right.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/hdr_specials.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/hdr_tips.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/hdr_vacation.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/home.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/html.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/icn_destinations.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/icn_register.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/icn_vacations.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/logo.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/mast_construction.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/mast_flightfinder.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/mast_register.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/mast_signon.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/submit.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/images/tip93.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/index.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/login.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/register.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/reservation.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/reservation2.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/support.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/radio.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/table.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/tooltip.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/upload/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/upload/css/banner-styles.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/upload/css/style.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/upload/images/spinner.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/yahoo.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V1/css/bootstrap.min.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V1/css/custom.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V1/css/home-bar.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V1/css/main.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V1/css/slider-cars.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V1/css/style.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V1/index.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V1/JavaScript/bootstrap.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V1/JavaScript/home-bar.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V1/JavaScript/jquery.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V1/JavaScript/slider-cars.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V1/JavaScript/test.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V1/JavaScript/treemenu.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V4/css/bootstrap.min.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V4/css/custom.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V4/css/home-bar.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V4/css/main.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V4/css/slider-cars.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V4/JavaScript/bootstrap.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V4/JavaScript/home-bar.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V4/JavaScript/jquery.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V4/JavaScript/slider-cars.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V4/JavaScript/treemenu.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/baseURI/documentwrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/documentURI/documentwrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location.hash/assign
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location.hash/documentwrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location.hash/documentwriteln
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location.hash/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location.hash/formaction
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location.hash/function
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location.hash/inlineevent
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location.hash/innerHtml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location.hash/jshref
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location.hash/onclickAddEventListener
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location.hash/onclickSetAttribute
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location.hash/rangeCreateContextualFragment
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location.hash/replace
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location.hash/setTimeout
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location/assign
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location/documentwrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location/documentwriteln
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location/innerHtml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location/rangeCreateContextualFragment
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location/replace
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/location/setTimeout
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/locationhref/documentwrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/locationpathname/documentwrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/locationsearch/documentwrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/URL/documentwrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/address/URLUnencoded/documentwrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body/1.1.5?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.0?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.18?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.19?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.24?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body/1.4.0?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body/1.6.0?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body_alt_symbols/1.4.0?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body_alt_symbols_raw/1.6.0?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_ng/1.4.0?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng/1.4.0?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw/1.4.0?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body_raw/1.4.0?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body_raw_escaped/1.4.0?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body_raw_escaped_alt_symbols/1.4.0?q=test
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_cookie_parse/1.6.0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_form_parse/1.6.0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_post_message_parse/1.6.0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_storage_parse/1.6.0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/badscriptimport
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/badscriptimport/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/clickjacking
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/clickjacking/clickjacking_csp_no_frame_ancestors
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/clickjacking/clickjacking_xfo_allowall
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/clickjacking/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/cors
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/cors/alloworigin/allowInsecureScheme
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/cors/alloworigin/allowNullOrigin
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginEndsWith
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginProtocolDowngrade
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginRegexDot
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginStartsWith
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/cors/alloworigin/dynamicAllowOrigin
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/cors/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/dompropagation
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/dompropagation/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/innerHtml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/innerHtml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/javascripturi.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/innerHtml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/innerHtml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/array/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/innerHtml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/property/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/array/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/innerHtml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/property/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/innerHtml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/complexMessageDocumentWriteEval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithPartialStringComparison
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithRegExp
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/innerHtml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/innerHtml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/innerHtml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/array/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/function/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/function/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/function/innerHtml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/property/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/array/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/function/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/function/eval
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/function/innerHtml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/property/documentWrite
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/js/encodeURIComponent?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/js/escape?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/js/html_escape?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_name?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_quoted?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_script?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_singlequoted?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_unquoted?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/body?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/body_comment?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_import?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style_font_value?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style_value?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/head?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_assignment?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_comment?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_eval?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_quoted_string?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_singlequoted_string?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_slashquoted_string?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/tagname?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/textarea?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_name?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_quoted?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_script?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_singlequoted?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_unquoted?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/body?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/body_comment?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_import?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style_font_value?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style_value?escape=HTML_ESCAPE&q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/head?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_assignment?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_comment?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_eval?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_quoted_string?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_singlequoted_string?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_slashquoted_string?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/tagname?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/textarea?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/flashinjection
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/flashinjection/callbackIsEchoedBack?callback=func
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/flashinjection/callbackParameterDoesNothing?callback=func
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/flashinjection/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity_dynamically_added.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/leakedcookie
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/leakedcookie/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/leakedcookie/leakedcookie
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/leakedcookie/leakedcookie.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/leakedcookie/leakedinresource
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/mixedcontent
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/mixedcontent/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/redirect
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/redirect/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/redirect/meta?q=/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/contentsniffing/json?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/contentsniffing/plaintext?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_quoted/DOUBLE_QUOTED_ATTRIBUTE?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_singlequoted/SINGLE_QUOTED_ATTRIBUTE?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_unquoted/UNQUOTED_ATTRIBUTE?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/filteredcharsets/attribute_unquoted/DoubleQuoteSinglequote?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/filteredcharsets/body/SpaceDoubleQuoteSlashEquals?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseInsensitive/script?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseSensitive/script?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/jsoncallback
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_name?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_quoted?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_script?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_singlequoted?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_unquoted?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/body
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/body?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/body_comment?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/css_style?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/css_style_font_value?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/css_style_value?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/form
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/head?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/iframe_attribute_value?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/iframe_srcdoc?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/js_assignment?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/js_comment?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/js_eval?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/js_quoted_string?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/js_singlequoted_string?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/js_slashquoted_string?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/json?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/noscript?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/style_attribute_value?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/tagname?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/textarea?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/textarea_attribute_value?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/title?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/url/css_import?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/url/href?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/url/object_data?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/url/object_param?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/url/script_src?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/remoteinclude
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/remoteinclude/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/remoteinclude/object_hash.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/remoteinclude/parameter/object/application_x-shockwave-flash?q=https://google.com
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/remoteinclude/parameter/object_raw?q=https://google.com
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=https://google.com
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/remoteinclude/script_hash.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/jsonpendpoint?callback=callbackFunc&q
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/jsonpendpoint?callback=foo&q
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/jsonpendpoint?callback=urc_button.click&q
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO/?q=foo
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithXFO
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithXFO/?q=foo
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO/?q=%26callback%3Dfoo%23
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithXFO
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithXFO/?q=%26callback%3Dfoo%23
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback/?q=urc_button.click
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter/?q=%26callback%3Durc_button.click%23
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/stricttransportsecurity
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_includesubdomains_missing
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_max_age_missing
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_max_age_too_low
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_missing
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/stricttransportsecurity/hsts_preload_missing
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/stricttransportsecurity/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/tags
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/tags/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/tags/multiline?q=a
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/jsonp?callback=foo
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/jsonp?callback=foobar
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/a.href
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/base.href
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/document.location
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/embed.src
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/fetch
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/form.action
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/iframe.src
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/input.formaction
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/link.href
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/object.data
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/param.code.value
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/param.movie.value
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/param.src.value
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/param.url.value
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/script.href
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_domain
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_path
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_query
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/window.open
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/hash/xhr.open
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/search/area.href?//example.org
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/search/button.formaction?//example.org
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/search/frame.src?//example.org
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/search/location.assign?//example.org
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/urldom/location/search/svg.a?//example.org
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/vulnerablelibraries
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/vulnerablelibraries/index.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/vulnerablelibraries/jquery.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/contact.jsp
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://localhost:8090/bodgeit/register.jsp
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/new_quotation.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/insurance/v1/retrieve_quotation.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/addtariffplans.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/telecom/billing.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/birthdate.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/cookie/selenium_cookie.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/flash-testing.html
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/image_upload/ajaximage.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/register.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/newtours/reservation2.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/test/success.html
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://public-firing-range.appspot.com/reflected/parameter/form
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
Instances 662
Solution
Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
Reference https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)
https://owasp.org/www-community/Security_Headers
CWE Id 693
WASC Id 15
Plugin Id 10021
Informational
Authentication Request Identified
Description
The given request has been identified as an authentication request. The 'Other Info' field contains a set of key=value lines which identify any relevant fields. If the request is in a context which has an Authentication Method set to "Auto-Detect" then this rule will change the authentication to match the request identified.
URL https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20
Method GET
Parameter email
Attack
Evidence pass
Other Info userParam= email userValue=ZAP passwordParam= pass referer=https://demo.guru99.com/index.php
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method POST
Parameter btnLogin
Attack
Evidence password
Other Info userParam=btnLogin userValue=LOGIN passwordParam=password referer=https://demo.guru99.com/Agile_Project/Agi_V1/
URL https://demo.guru99.com/insurance/v1/index.php
Method POST
Parameter email
Attack
Evidence password
Other Info userParam=email userValue=zaproxy@example.com passwordParam=password referer=https://demo.guru99.com/insurance/v1/index.php
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method POST
Parameter btnLogin
Attack
Evidence password
Other Info userParam=btnLogin userValue=LOGIN passwordParam=password referer=https://demo.guru99.com/Security/SEC_V1/index.php
URL https://demo.guru99.com/test/cookie/selenium_cookie.php
Method POST
Parameter username
Attack
Evidence password
Other Info userParam=username userValue=ZAP passwordParam=password referer=https://demo.guru99.com/test/cookie/selenium_aut.php
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter userName
Attack
Evidence password
Other Info userParam=userName userValue=ZAP passwordParam=password referer=https://demo.guru99.com/test/newtours/
URL https://demo.guru99.com/test/success.html
Method POST
Parameter email
Attack
Evidence passwd
Other Info userParam=email userValue=zaproxy@example.com passwordParam=passwd referer=https://demo.guru99.com/test/login.html
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter btnLogin
Attack
Evidence password
Other Info userParam=btnLogin userValue=LOGIN passwordParam=password referer=https://demo.guru99.com/V1/index.php
URL https://demo.guru99.com/web/20141011154238/http:/212.7.194.85/cgi-bin/upload.cgi?maxfilesize=206000000
Method POST
Parameter AccessKey
Attack
Evidence file_password[0]
Other Info userParam=AccessKey userValue=MTI= passwordParam=file_password[0] referer=https://demo.guru99.com/test/upload/
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter username
Attack
Evidence password
Other Info userParam=username userValue=test@example.com passwordParam=password
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter username
Attack
Evidence password
Other Info userParam=username userValue=ZAP passwordParam=password referer=http://localhost:8090/bodgeit/login.jsp
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter userName
Attack
Evidence password
Other Info userParam=userName userValue=ZAP passwordParam=password referer=https://demo.guru99.com/test/newtours/login.php
Instances 12
Solution
This is an informational alert rather than a vulnerability and so there is nothing to fix.
Reference https://www.zaproxy.org/docs/desktop/addons/authentication-helper/auth-req-id/
CWE Id
WASC Id
Plugin Id 10111
Informational
Information Disclosure - Sensitive Information in URL
Description
The request appeared to contain sensitive information leaked in the URL. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.
URL https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20
Method GET
Parameter pass
Attack
Evidence pass
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: pass pass
Instances 1
Solution
Do not pass sensitive information in URIs.
Reference
CWE Id 200
WASC Id 13
Plugin Id 10024
Informational
Information Disclosure - Suspicious Comments
Description
The response appears to contain suspicious comments which may help an attacker. Note: Matches made within script blocks or files are against the entire content not only comments.
URL http://localhost:8090/bodgeit/advanced.jsp
Method GET
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected in the element starting with: "<SCRIPT> loadfile('./js/encryption.js'); var key = "62be933b-25b1-40"; function validateForm(form){ ", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/js/util.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "////The following is from:", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/js/util.js
Method GET
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected in the element starting with: "//http://stackoverflow.com/questions/316781/how-to-build-query-string-with-javascript", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Agile_Project/Agi_V1/customer/JavaScript/test.js
Method GET
Parameter
Attack
Evidence From
Other Info The following pattern was used: \bFROM\b and was detected 2 times, the first in the element starting with: " document.getElementById('message26').innerHTML="From Date Field must not be blank";", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Agile_Project/Agi_V1/customer/JavaScript/test.js
Method GET
Parameter
Attack
Evidence Select
Other Info The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: " if(acc1 == "Select Account")", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Agile_Project/Agi_V1/customer/JavaScript/test.js
Method GET
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: " document.getElementById('message23').innerHTML="User-ID must not be blank";", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Agile_Project/js/jquery.js
Method GET
Parameter
Attack
Evidence db
Other Info The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Agile_Project/js/jquery.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Agile_Project/js/treemenu.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script> function calculatePremium(){ //alert("abc"); var value=$("#quotation_vehicle_attributes_value").val(); if(value>1", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js
Method GET
Parameter
Attack
Evidence bug
Other Info The following pattern was used: \bBUG\b and was detected 10 times, the first in the element starting with: " // We allow this because of a bug in IE8/9 that throws an error", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js
Method GET
Parameter
Attack
Evidence bugs
Other Info The following pattern was used: \bBUGS\b and was detected 4 times, the first in the element starting with: " // discovered by ChrisS here: http://bugs.jquery.com/ticket/12282#comment:15", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected 56 times, the first in the element starting with: " // Logic borrowed from http://json.org/json2.js", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js
Method GET
Parameter
Attack
Evidence later
Other Info The following pattern was used: \bLATER\b and was detected 9 times, the first in the element starting with: "// Give the init function the jQuery prototype for later instantiation", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js
Method GET
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected in the element starting with: "//key/values into a query string", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected 21 times, the first in the element starting with: " // We use this for POS matching in `select`", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 5 times, the first in the element starting with: " // Can be adjusted by the user", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 4 times, the first in the element starting with: " username: null,", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js
Method GET
Parameter
Attack
Evidence where
Other Info The following pattern was used: \bWHERE\b and was detected 9 times, the first in the element starting with: " // Handle the case where IE and Opera return items", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js
Method GET
Parameter
Attack
Evidence bug
Other Info The following pattern was used: \bBUG\b and was detected 6 times, the first in the element starting with: " // event.target.nodeName works around a bug in IE 8 with", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js
Method GET
Parameter
Attack
Evidence bugs
Other Info The following pattern was used: \bBUGS\b and was detected 8 times, the first in the element starting with: "// support: jQuery 1.6.1, 1.6.2 (http://bugs.jquery.com/ticket/9413)", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected 104 times, the first in the element starting with: "// $.ui might exist from components with no dependencies, e.g., $.ui.position", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js
Method GET
Parameter
Attack
Evidence later
Other Info The following pattern was used: \bLATER\b and was detected 4 times, the first in the element starting with: " // redefine the widget later", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected 28 times, the first in the element starting with: " return ( /input|select|textarea|button|object/.test( nodeName ) ?", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js
Method GET
Parameter
Attack
Evidence TODO
Other Info The following pattern was used: \bTODO\b and was detected 20 times, the first in the element starting with: " // TODO: determine which cases actually cause this to happen", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 10 times, the first in the element starting with: " //If overflow is hidden, the element might have extra content, but the user wants to hide it", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js
Method GET
Parameter
Attack
Evidence where
Other Info The following pattern was used: \bWHERE\b and was detected 11 times, the first in the element starting with: " // Ignore z-index if position is set to a value where z-index is ignored by the browser", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery.js
Method GET
Parameter
Attack
Evidence db
Other Info The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/jquery.timeago.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " suffixFromNow: "from now",", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/scripts.js
Method GET
Parameter
Attack
Evidence later
Other Info The following pattern was used: \bLATER\b and was detected in the element starting with: "$('#savedidentification').html("You have saved this quotation!<br />Your identification number is: "+data+"<br />Please write it", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/scripts.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: " $(this).effect("highlight",3000).select();", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/scripts.js
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 7 times, the first in the element starting with: " $("#divincidents").append( "<label for='user_incidents_attributes_"+o+"_description'>Description</label><input id='user_inciden", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/scripts.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "//xhr.setRequestHeader("Authentication", "username:password in base64")", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/scripts.js
Method GET
Parameter
Attack
Evidence where
Other Info The following pattern was used: \bWHERE\b and was detected in the element starting with: "//makes request to connect.php where another request is made to underwriter with all parameters", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/javascript/treemenu.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/payment-gateway/assets/js/jquery.js
Method GET
Parameter
Attack
Evidence db
Other Info The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/payment-gateway/assets/js/jquery.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/payment-gateway/assets/js/jquery.min.js
Method GET
Parameter
Attack
Evidence db
Other Info The following pattern was used: \bDB\b and was detected in the element starting with: "return new Za.prototype.init(a,b,c,d,e)}m.Tween=Za,Za.prototype={constructor:Za,init:function(a,b,c,d,e,f){this.elem=a,this.prop", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/payment-gateway/assets/js/jquery.min.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/payment-gateway/assets/js/treemenu.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/payment-gateway/assets/js/util.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected 3 times, the first in the element starting with: " * Generate an indented list of links from a nav. Meant for use with panel(). ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/payment-gateway/assets/js/util.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: " $this.find('select') ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/payment-gateway/assets/js/util.js
Method GET
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: " * @param {object} userConfig User config. ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/jquery.js
Method GET
Parameter
Attack
Evidence db
Other Info The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/jquery.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/test.js
Method GET
Parameter
Attack
Evidence From
Other Info The following pattern was used: \bFROM\b and was detected 2 times, the first in the element starting with: " document.getElementById('message26').innerHTML="From Date Field must not be blank";", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/test.js
Method GET
Parameter
Attack
Evidence Select
Other Info The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: " if(acc1 == "Select Account")", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/test.js
Method GET
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: " document.getElementById('message23').innerHTML="User-ID must not be blank";", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/treemenu.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/seo/js/b40b8f484a50c7147e39e067a6f3d6ef_0.js
Method GET
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected in the element starting with: "!function(t){"use strict";t(function(){t.support.transition=function(){var t=function(){var t,e=document.createElement("bootstra", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/seo/js/b40b8f484a50c7147e39e067a6f3d6ef_0.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "(function(b,f){var a=0,e=/^ui-id-\d+$/;b.ui=b.ui||{};if(b.ui.version){return}b.extend(b.ui,{version:"1.9.2",keyCode:{BACKSPACE:8", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/seo/js/jquery.min.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "!function(e,t){"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.docu", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/telecom/assets/js/jquery.js
Method GET
Parameter
Attack
Evidence db
Other Info The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/telecom/assets/js/jquery.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/telecom/assets/js/jquery.min.js
Method GET
Parameter
Attack
Evidence db
Other Info The following pattern was used: \bDB\b and was detected in the element starting with: "return new Za.prototype.init(a,b,c,d,e)}m.Tween=Za,Za.prototype={constructor:Za,init:function(a,b,c,d,e,f){this.elem=a,this.prop", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/telecom/assets/js/jquery.min.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/telecom/assets/js/test.js
Method GET
Parameter
Attack
Evidence From
Other Info The following pattern was used: \bFROM\b and was detected 2 times, the first in the element starting with: " document.getElementById('message26').innerHTML="From Date Field must not be blank";", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/telecom/assets/js/test.js
Method GET
Parameter
Attack
Evidence Select
Other Info The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: " if(acc1 == "Select Account")", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/telecom/assets/js/test.js
Method GET
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: " document.getElementById('message23').innerHTML="User-ID must not be blank";", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/telecom/assets/js/treemenu.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/telecom/assets/js/util.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected 3 times, the first in the element starting with: " * Generate an indented list of links from a nav. Meant for use with panel(). ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/telecom/assets/js/util.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: " $this.find('select') ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/telecom/assets/js/util.js
Method GET
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: " * @param {object} userConfig User config. ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/accountingjs/jquery-ui.min.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "this._rearrange(e,s),this._trigger("change",e,this._uiHash());break}return this._contactContainers(e),t.ui.ddmanager&&t.ui.ddman", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/accountingjs/jquery-ui.min.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected 5 times, the first in the element starting with: "(function(t,e){function i(e,i){var n,o,a,r=e.nodeName.toLowerCase();return"area"===r?(n=e.parentNode,o=n.name,e.href&&o&&"map"==", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/accountingjs/lesson6.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " // To remove item from other shopping chart do this ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/accountingjs/lesson6.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: " var s="Please select another block"; ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/guru99home/js/jquery.min.js
Method GET
Parameter
Attack
Evidence db
Other Info The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "}return c}function Q(a){var b;for(b in a)if(("data"!==b||!n.isEmptyObject(a[b]))&&"toJSON"!==b)return!1;return!0}function R(a,b,", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/guru99home/js/jquery.min.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/image_upload/scripts/jquery.form.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " var httpData = function( xhr, type, s ) { // mostly lifted from jq1.4.4", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/image_upload/scripts/jquery.form.js
Method GET
Parameter
Attack
Evidence later
Other Info The following pattern was used: \bLATER\b and was detected in the element starting with: " * @requires jQuery v1.3.2 or later", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/image_upload/scripts/jquery.form.js
Method GET
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected 2 times, the first in the element starting with: " options.data = q; // data is the query string for 'post'", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/image_upload/scripts/jquery.form.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected 13 times, the first in the element starting with: " tag == 'select' && el.selectedIndex == -1)) {", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/image_upload/scripts/jquery.form.js
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: " // options.iframe allows user to force iframe mode", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/image_upload/scripts/jquery.form.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: " * [ { name: 'username', value: 'jresig' }, { name: 'password', value: 'secret' } ]", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/image_upload/scripts/jquery.min.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "(function(a,b){function cw(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function ct(a){if(!ch[a]){v", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/js/jquery.js
Method GET
Parameter
Attack
Evidence db
Other Info The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/js/jquery.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/js/jquery.min.js
Method GET
Parameter
Attack
Evidence db
Other Info The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "}return c}function Q(a){var b;for(b in a)if(("data"!==b||!n.isEmptyObject(a[b]))&&"toJSON"!==b)return!1;return!0}function R(a,b,", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/js/jquery.min.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/js/jquery.tools.min.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "(function(a,b){function c(a){return K.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function d(a){if(!cl[a]){var", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/js/jquery.tools.min.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: ";if((!K.support.noCloneEvent||!K.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!K.isXMLDoc(a)){u(a,d),e=t(a),f=t(d", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/js/treemenu.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> /* <![CDATA[ */ var CrayonSyntaxSettings = {"version":"2.7.1","is_admin":"0","ajaxurl":"http:\", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/upload/
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "<script language="JavaScript"> <!-- var NoFileSelected='You must select a file to upload!'; var SenderRequired='You need enter y", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/V1/JavaScript/jquery.js
Method GET
Parameter
Attack
Evidence db
Other Info The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/V1/JavaScript/jquery.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/V1/JavaScript/test.js
Method GET
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: " document.getElementById('message23').innerHTML="User-ID must not be blank";", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/V1/JavaScript/treemenu.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/V4/JavaScript/jquery.js
Method GET
Parameter
Attack
Evidence db
Other Info The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/V4/JavaScript/jquery.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/V4/JavaScript/treemenu.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet.
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/complexMessageDocumentWriteEval
Method GET
Parameter
Attack
Evidence debug
Other Info The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script> const postMessageHandler = function(msg) { let action = msg.data.action; if(action === 'exec') { eval(msg", see evidence field for the suspicious comment/snippet.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO/
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO/
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO/
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO/
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback/
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter/
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script> function calculatePremium(){ //alert("abc"); var value=$("#quotation_vehicle_attributes_value").val(); if(value>1", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/about.jsp
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/admin.jsp
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/advanced.jsp
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/basket.jsp
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/contact.jsp
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/home.jsp
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=1
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=10
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=11
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=12
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=13
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=14
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=15
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=16
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=17
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=18
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=19
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=2
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=20
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=21
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=22
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=23
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=24
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=25
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=26
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=27
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=28
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=29
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=3
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=30
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=31
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=32
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=4
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=5
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=6
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=7
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=8
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?prodid=9
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?typeid=1
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?typeid=2
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?typeid=3
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?typeid=4
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?typeid=5
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?typeid=6
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/product.jsp?typeid=7
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/register.jsp
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/score.jsp
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/search.jsp
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/search.jsp?q=ZAP
Method GET
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/
Method GET
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20
Method GET
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Agile_Project/Agi_V1/
Method GET
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method GET
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method GET
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/guru99home/
Method GET
Parameter
Attack
Evidence FROM
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<!-- FILE ARCHIVED ON 1:21:14 May 19, 2014 AND RETRIEVED FROM THE INTERNET ARCHIVE ON 5:45:56 Feb 21, 2017. JA", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/guru99home/scrolling.html
Method GET
Parameter
Attack
Evidence FROM
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<!-- FILE ARCHIVED ON 1:21:14 May 19, 2014 AND RETRIEVED FROM THE INTERNET ARCHIVE ON 5:45:56 Feb 21, 2017. JAVAS", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/test/yahoo.html
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: "<!-- Never leave a conversation. Stay signed in while you go from computer to tablet to phone, and continue your conversation wh", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/V1/index.php
Method GET
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/contact.jsp
Method POST
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL http://localhost:8090/bodgeit/register.jsp
Method POST
Parameter
Attack
Evidence admin
Other Info The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method POST
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/index.php
Method POST
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method POST
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet.
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet.
Instances 175
Solution
Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.
Reference
CWE Id 200
WASC Id 13
Plugin Id 10027
Informational
Loosely Scoped Cookie
Description
Cookies can be scoped by domain or path. This check is only concerned with domain scope. The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.
URL http://localhost:8090/bodgeit/basket.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=3
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=0448AB0ED6C91159919BE73F6345C0E6
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=18A2EBFF4936320AD1EEEB3341EA01D4
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=33A3FE8B6A527DFCE7620B20529C12FA
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=349AB47B1061CA62238BE6A6BCDAFAD3
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=407DA006AECE494123A04506F2A9ECF5
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=4FCFE06C13D66C24B15F864A11B997DD
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=5A33F137A0FD627F4A5B3D11D1B919F3
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=5CBD62F159DD658A5E184BC3BD37AECC
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=8734D1E46777342DC2EE83B007CD8EE2
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=89B02A2B79F75F1410E0DB98BC30C6D1
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=8B82FF2CC59E8AB6C9F17F559D8F5ED4
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=915845EFFA5D761964C6AD07A128B10B
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=941168C38845F38E8040154C137DB877
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=9A10441F243BECEE482B21769735A095
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=A22DB34A8772A4D608E34159C47C453C
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=A4E25C37053DD56A9040B2A164B79553
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=B584B16C385F31F10E354FCCE4800152
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=CACF37E8136A2983FB6567152E055AF2
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=F4CDC10F5A22EEDA573DFDC5FA5A7015
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=FE69E7782CB979AA91DE758AEE96CED9
URL http://localhost:8090/bodgeit/product.jsp?typeid=1
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=7500A83A3DB4C96BB1DE351A7091E5D0
URL http://localhost:8090/bodgeit/product.jsp?typeid=2
Method GET
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost JSESSIONID=A329FA556790B84292975A3CA0E173AB
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=14
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=17
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=19
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=23
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=24
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=26
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=27
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=31
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=33
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=35
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=37
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=42
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=55
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=56
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=58
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=66
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence
Other Info The origin domain used for comparison was: localhost b_id=67
Instances 40
Solution
Always scope cookies to a FQDN (Fully Qualified Domain Name).
Reference https://tools.ietf.org/html/rfc6265#section-4.1
https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html
https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
CWE Id 565
WASC Id 15
Plugin Id 90033
Informational
Modern Web Application
Description
The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.
URL http://localhost:8090/bodgeit/product.jsp?prodid=1
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=10
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=11
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=12
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=13
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=14
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=15
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=16
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=17
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=18
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=19
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=2
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=20
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=21
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=22
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=23
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=24
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=25
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=26
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=27
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=28
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=29
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=3
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=30
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=31
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=32
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=4
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=5
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=6
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=7
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=8
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/product.jsp?prodid=9
Method GET
Parameter
Attack
Evidence <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/Agile_Project/Agi_V1/
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/insurance/v1/index.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/insurance/v1/register.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/payment-gateway/cardnumber.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/payment-gateway/index.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/payment-gateway/purchasetoy.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/seo/page-1.html
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;margin-left: 150px;">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/seo/page-2.html
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;margin-left: 150px;">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/seo/page-3.html
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;margin-left: 150px;">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/seo/page-4.html
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;margin-left: 150px;">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/seo/page-5.html
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;margin-left: 150px;">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/seo/page-6.html
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;margin-left: 150px;">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/telecom/access.php?uid=063675
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/telecom/access.php?uid=069466
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/telecom/access.php?uid=936997
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/telecom/addcustomer.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/telecom/addtariffplans.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/telecom/billing.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/
Method GET
Parameter
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/ajax.html
Method GET
Parameter
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/ajax.html?name=ZAP
Method GET
Parameter
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="text-shadow:none;margin-left: 200px;">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/birthdate.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/cookie/selenium_aut.php
Method GET
Parameter
Attack
Evidence <script src="../js/jquery.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/delete_customer.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/drag_drop.html
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="margin-left:200px;">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/flash-testing.html
Method GET
Parameter
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/guru99home/
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;margin-left: 200px;">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/guru99home/scrolling.html
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="text-shadow:none;font-size: 14px;margin-left: 200px;">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/image_upload/
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/login.html
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;color:#FFF;font-weight:700">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/newtours/index.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/newtours/login.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/newtours/register.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/newtours/reservation.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/newtours/reservation2.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/newtours/support.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/radio.html
Method GET
Parameter
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="margin-top: -50px !important;margin-left: 100px;text-decoration: none;">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/table.html
Method GET
Parameter
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/tooltip.html
Method GET
Parameter
Attack
Evidence <a id="download_now">Download now</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/upload/
Method GET
Parameter
Attack
Evidence <a name="up"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/yahoo.html
Method GET
Parameter
Attack
Evidence <a name="skip-nav" id="skip-nav"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/V1/index.php
Method GET
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/baseURI/documentwrite
Method GET
Parameter
Attack
Evidence <script> var payload = document.baseURI; document.write(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/documentURI/documentwrite
Method GET
Parameter
Attack
Evidence <script> var payload = document.documentURI; document.write(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location.hash/assign
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.hash.substr(1);window.location.assign(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location.hash/documentwrite
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.hash.substr(1);document.write(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location.hash/documentwriteln
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.hash.substr(1);document.writeln(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location.hash/eval
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.hash.substr(1);eval(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location.hash/formaction
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.hash.substr(1);var form = document.createElement('form'); form.setAttribute('action', payload); form.innerHTML = '<input type=\'submit\'></input>'; document.documentElement.appendChild(form); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location.hash/function
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.hash.substr(1);var f = new Function(payload); f(); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location.hash/inlineevent
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.hash.substr(1);var div = document.createElement('div'); div.innerHTML = '<div onclick=\'' + payload.replace(/'/g, '"') + '\'>div</div>'; document.documentElement.appendChild(div); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location.hash/innerHtml
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.hash.substr(1);var div = document.createElement('div'); div.id = 'divEl'; document.documentElement.appendChild(div); var divEl = document.getElementById('divEl'); divEl.innerHTML = payload; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location.hash/jshref
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.hash.substr(1);var a = document.createElement('a'); a.setAttribute('href', payload); document.documentElement.appendChild(a); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location.hash/onclickAddEventListener
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.hash.substr(1);var div = document.createElement('div'); div.addEventListener('click', new Function(payload), false); document.documentElement.appendChild(div); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location.hash/onclickSetAttribute
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.hash.substr(1);var div = document.createElement('div'); div.setAttribute('onclick', payload); document.documentElement.appendChild(div); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location.hash/rangeCreateContextualFragment
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.hash.substr(1);var div = document.createElement('div'); div.id = 'divEl'; document.documentElement.appendChild(div); var range = document.createRange(); // make the parent of the first div in the document becomes the context node range.selectNode(document.getElementsByTagName("div").item(0)); var documentFragment = range.createContextualFragment(payload); document.body.appendChild(documentFragment); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location.hash/replace
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.hash.substr(1);location.replace(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location.hash/setTimeout
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.hash.substr(1);setTimeout('var a=a;' + payload, 1); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location/assign
Method GET
Parameter
Attack
Evidence <script> var payload = window.location; window.location.assign(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location/documentwrite
Method GET
Parameter
Attack
Evidence <script> var payload = window.location; document.write(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location/documentwriteln
Method GET
Parameter
Attack
Evidence <script> var payload = window.location; document.writeln(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location/eval
Method GET
Parameter
Attack
Evidence <script> var payload = window.location; eval(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location/innerHtml
Method GET
Parameter
Attack
Evidence <script> var payload = window.location; var div = document.createElement('div'); div.id = 'divEl'; document.documentElement.appendChild(div); var divEl = document.getElementById('divEl'); divEl.innerHTML = payload; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location/rangeCreateContextualFragment
Method GET
Parameter
Attack
Evidence <script> var payload = window.location; var div = document.createElement('div'); div.id = 'divEl'; document.documentElement.appendChild(div); var range = document.createRange(); // make the parent of the first div in the document becomes the context node range.selectNode(document.getElementsByTagName("div").item(0)); var documentFragment = range.createContextualFragment(payload); document.body.appendChild(documentFragment); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location/replace
Method GET
Parameter
Attack
Evidence <script> var payload = window.location; location.replace(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/location/setTimeout
Method GET
Parameter
Attack
Evidence <script> var payload = window.location; setTimeout('var a=a;' + payload, 1); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/locationhref/documentwrite
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.href; document.write(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/locationpathname/documentwrite
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.pathname; document.write(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/locationsearch/documentwrite
Method GET
Parameter
Attack
Evidence <script> var payload = window.location.search.substr(1); document.write(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/URL/documentwrite
Method GET
Parameter
Attack
Evidence <script> var payload = document.URL; document.write(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/address/URLUnencoded/documentwrite
Method GET
Parameter
Attack
Evidence <script> var payload = document.URLUnencoded; document.write(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body/1.1.5?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.1.5/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.0?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.18?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.18/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.19?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.19/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body/1.2.24?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.24/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body/1.4.0?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body/1.6.0?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body_alt_symbols/1.4.0?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body_alt_symbols_raw/1.6.0?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_ng/1.4.0?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng/1.4.0?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw/1.4.0?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body_raw/1.4.0?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body_raw_escaped/1.4.0?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body_raw_escaped_alt_symbols/1.4.0?q=test
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_cookie_parse/1.6.0
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_form_parse/1.6.0
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_post_message_parse/1.6.0
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_storage_parse/1.6.0
Method GET
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/cors/alloworigin/allowInsecureScheme
Method GET
Parameter
Attack
Evidence <script> var xhr = new XMLHttpRequest(); xhr.open('POST', location.href, true); xhr.send(); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/cors/alloworigin/allowNullOrigin
Method GET
Parameter
Attack
Evidence <script> var xhr = new XMLHttpRequest(); xhr.open('POST', location.href, true); xhr.send(); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginEndsWith
Method GET
Parameter
Attack
Evidence <script> var xhr = new XMLHttpRequest(); xhr.open('POST', location.href, true); xhr.send(); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginProtocolDowngrade
Method GET
Parameter
Attack
Evidence <script> var xhr = new XMLHttpRequest(); xhr.open('POST', location.href, true); xhr.send(); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginRegexDot
Method GET
Parameter
Attack
Evidence <script> var xhr = new XMLHttpRequest(); xhr.open('POST', location.href, true); xhr.send(); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/cors/alloworigin/allowOriginStartsWith
Method GET
Parameter
Attack
Evidence <script> var xhr = new XMLHttpRequest(); xhr.open('POST', location.href, true); xhr.send(); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/cors/alloworigin/dynamicAllowOrigin
Method GET
Parameter
Attack
Evidence <script> var xhr = new XMLHttpRequest(); xhr.open('POST', location.href, true); xhr.send(); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/dompropagation
Method GET
Parameter
Attack
Evidence <script> // Writing to DOM attribute document.title and // reading back propagates the XSS payload. var payload = location.hash.substr(1); window.status = payload; var retrieved_payload = window.status; eval(retrieved_payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/dompropagation/
Method GET
Parameter
Attack
Evidence <script> // Writing to DOM attribute document.title and // reading back propagates the XSS payload. var payload = location.hash.substr(1); window.status = payload; var retrieved_payload = window.status; eval(retrieved_payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/documentWrite
Method GET
Parameter
Attack
Evidence <script> function deferredPayload() { // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } }var form = document.createElement('form'); var input = document.createElement('input'); input.setAttribute('id', 'userInput'); var submit = document.createElement('input'); submit.setAttribute('type', 'submit'); form.setAttribute('action', '#'); form.appendChild(input); form.appendChild(submit); var payload = ''; form.onsubmit = function() { payload = document.getElementById('userInput').value; deferredPayload(); return false; }; document.body.appendChild(form);// Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/eval
Method GET
Parameter
Attack
Evidence <script> function deferredPayload() { // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; }var form = document.createElement('form'); var input = document.createElement('input'); input.setAttribute('id', 'userInput'); var submit = document.createElement('input'); submit.setAttribute('type', 'submit'); form.setAttribute('action', '#'); form.appendChild(input); form.appendChild(submit); var payload = ''; form.onsubmit = function() { payload = document.getElementById('userInput').value; deferredPayload(); return false; }; document.body.appendChild(form);// Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/innerHtml
Method GET
Parameter
Attack
Evidence <script> function deferredPayload() { var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; }var form = document.createElement('form'); var input = document.createElement('input'); input.setAttribute('id', 'userInput'); var submit = document.createElement('input'); submit.setAttribute('type', 'submit'); form.setAttribute('action', '#'); form.appendChild(input); form.appendChild(submit); var payload = ''; form.onsubmit = function() { payload = document.getElementById('userInput').value; deferredPayload(); return false; }; document.body.appendChild(form);var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/documentWrite
Method GET
Parameter
Attack
Evidence <script> function deferredPayload() { // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } }// Trigger XSS by waiting for typing events / watch for change on an input field. var input = document.createElement('input'); input.setAttribute('type', 'text'); var payload = ''; function xssIt(e) { payload = e.target.value; deferredPayload(); } input.addEventListener('keyup', xssIt); input.addEventListener('change', xssIt); document.body.appendChild(input);// Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/eval
Method GET
Parameter
Attack
Evidence <script> function deferredPayload() { // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; }// Trigger XSS by waiting for typing events / watch for change on an input field. var input = document.createElement('input'); input.setAttribute('type', 'text'); var payload = ''; function xssIt(e) { payload = e.target.value; deferredPayload(); } input.addEventListener('keyup', xssIt); input.addEventListener('change', xssIt); document.body.appendChild(input);// Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/innerHtml
Method GET
Parameter
Attack
Evidence <script> function deferredPayload() { var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; }// Trigger XSS by waiting for typing events / watch for change on an input field. var input = document.createElement('input'); input.setAttribute('type', 'text'); var payload = ''; function xssIt(e) { payload = e.target.value; deferredPayload(); } input.addEventListener('keyup', xssIt); input.addEventListener('change', xssIt); document.body.appendChild(input);var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie
Method GET
Parameter
Attack
Evidence <script> /* * Return the value of the first cookie with the given name. */ var lookupCookie = function(name) { var parts = document.cookie.split(/\s*;\s*/); var nameEq = name + '='; for (var i = 0; i < parts.length; i++) { if (parts[i].indexOf(nameEq) == 0) { return parts[i].substr(nameEq.length); } } }; var payload = lookupCookie('ThisCookieIsTotallyRandomAndCantPossiblyBeSet'); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie/eval
Method GET
Parameter
Attack
Evidence <script> /* * Return the value of the first cookie with the given name. */ var lookupCookie = function(name) { var parts = document.cookie.split(/\s*;\s*/); var nameEq = name + '='; for (var i = 0; i < parts.length; i++) { if (parts[i].indexOf(nameEq) == 0) { return parts[i].substr(nameEq.length); } } }; var payload = lookupCookie('ThisCookieIsTotallyRandomAndCantPossiblyBeSet'); // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set
Method GET
Parameter
Attack
Evidence <script> /* * Return the value of the first cookie with the given name. */ function lookupCookie(name) { var parts = document.cookie.split(/\s*;\s*/); var nameEq = name + '='; for (var i = 0; i < parts.length; i++) { if (parts[i].indexOf(nameEq) == 0) { return parts[i].substr(nameEq.length); } } } // Pre-seed the cookie, if it has not been set yet. if (!lookupCookie('badValue')) { document.cookie = 'badValue="a"'; } var payload = lookupCookie('badValue'); setTimeout(function() { trigger(lookupCookie('badValue')); }, 10); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/documentWrite
Method GET
Parameter
Attack
Evidence <script> /* * Return the value of the first cookie with the given name. */ function lookupCookie(name) { var parts = document.cookie.split(/\s*;\s*/); var nameEq = name + '='; for (var i = 0; i < parts.length; i++) { if (parts[i].indexOf(nameEq) == 0) { return parts[i].substr(nameEq.length); } } } // Pre-seed the cookie, if it has not been set yet. if (!lookupCookie('badValue')) { document.cookie = 'badValue="a"'; } var payload = lookupCookie('badValue'); setTimeout(function() { trigger(lookupCookie('badValue')); }, 10); // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/eval
Method GET
Parameter
Attack
Evidence <script> /* * Return the value of the first cookie with the given name. */ function lookupCookie(name) { var parts = document.cookie.split(/\s*;\s*/); var nameEq = name + '='; for (var i = 0; i < parts.length; i++) { if (parts[i].indexOf(nameEq) == 0) { return parts[i].substr(nameEq.length); } } } // Pre-seed the cookie, if it has not been set yet. if (!lookupCookie('badValue')) { document.cookie = 'badValue="a"'; } var payload = lookupCookie('badValue'); setTimeout(function() { trigger(lookupCookie('badValue')); }, 10); // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/innerHtml
Method GET
Parameter
Attack
Evidence <script> /* * Return the value of the first cookie with the given name. */ function lookupCookie(name) { var parts = document.cookie.split(/\s*;\s*/); var nameEq = name + '='; for (var i = 0; i < parts.length; i++) { if (parts[i].indexOf(nameEq) == 0) { return parts[i].substr(nameEq.length); } } } // Pre-seed the cookie, if it has not been set yet. if (!lookupCookie('badValue')) { document.cookie = 'badValue="a"'; } var payload = lookupCookie('badValue'); setTimeout(function() { trigger(lookupCookie('badValue')); }, 10); var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer
Method GET
Parameter
Attack
Evidence <script> if (document.referrer == "") { // If the referrer is not set, we set the referrer by reloading the page. location.href = location.href; } else { // Modern browsers escape the referrer. We unescape it to make it dangerous. var payload = unescape(document.referrer); setTimeout(function() { trigger(document.referrer); }, 10); } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/documentWrite
Method GET
Parameter
Attack
Evidence <script> if (document.referrer == "") { // If the referrer is not set, we set the referrer by reloading the page. location.href = location.href; } else { // Modern browsers escape the referrer. We unescape it to make it dangerous. var payload = unescape(document.referrer); setTimeout(function() { trigger(document.referrer); }, 10); } // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/eval
Method GET
Parameter
Attack
Evidence <script> if (document.referrer == "") { // If the referrer is not set, we set the referrer by reloading the page. location.href = location.href; } else { // Modern browsers escape the referrer. We unescape it to make it dangerous. var payload = unescape(document.referrer); setTimeout(function() { trigger(document.referrer); }, 10); } // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/innerHtml
Method GET
Parameter
Attack
Evidence <script> if (document.referrer == "") { // If the referrer is not set, we set the referrer by reloading the page. location.href = location.href; } else { // Modern browsers escape the referrer. We unescape it to make it dangerous. var payload = unescape(document.referrer); setTimeout(function() { trigger(document.referrer); }, 10); } var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/array/eval
Method GET
Parameter
Attack
Evidence <script src="/dom/toxicdomscripts/localStorage/array/eval"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/documentWrite
Method GET
Parameter
Attack
Evidence <script src="/dom/toxicdomscripts/localStorage/function/documentWrite"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/eval
Method GET
Parameter
Attack
Evidence <script src="/dom/toxicdomscripts/localStorage/function/eval"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/innerHtml
Method GET
Parameter
Attack
Evidence <script src="/dom/toxicdomscripts/localStorage/function/innerHtml"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/property/documentWrite
Method GET
Parameter
Attack
Evidence <script src="/dom/toxicdomscripts/localStorage/property/documentWrite"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/array/eval
Method GET
Parameter
Attack
Evidence <script src="/dom/toxicdomscripts/sessionStorage/array/eval"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/documentWrite
Method GET
Parameter
Attack
Evidence <script src="/dom/toxicdomscripts/sessionStorage/function/documentWrite"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/eval
Method GET
Parameter
Attack
Evidence <script src="/dom/toxicdomscripts/sessionStorage/function/eval"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/innerHtml
Method GET
Parameter
Attack
Evidence <script src="/dom/toxicdomscripts/sessionStorage/function/innerHtml"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/property/documentWrite
Method GET
Parameter
Attack
Evidence <script src="/dom/toxicdomscripts/sessionStorage/property/documentWrite"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array
Method GET
Parameter
Attack
Evidence <script> if (!localStorage['badValue']) { localStorage['badValue'] = Math.random(); } var payload = localStorage['badValue']; setTimeout(function() { trigger(localStorage['badValue']); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array/eval
Method GET
Parameter
Attack
Evidence <script> if (!localStorage['badValue']) { localStorage['badValue'] = Math.random(); } var payload = localStorage['badValue']; setTimeout(function() { trigger(localStorage['badValue']); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function
Method GET
Parameter
Attack
Evidence <script> if (!localStorage.getItem('badValue')) { localStorage.setItem('badValue', Math.random()); } var payload = localStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(localStorage.getItem('badValue')); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/documentWrite
Method GET
Parameter
Attack
Evidence <script> if (!localStorage.getItem('badValue')) { localStorage.setItem('badValue', Math.random()); } var payload = localStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(localStorage.getItem('badValue')); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/eval
Method GET
Parameter
Attack
Evidence <script> if (!localStorage.getItem('badValue')) { localStorage.setItem('badValue', Math.random()); } var payload = localStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(localStorage.getItem('badValue')); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/innerHtml
Method GET
Parameter
Attack
Evidence <script> if (!localStorage.getItem('badValue')) { localStorage.setItem('badValue', Math.random()); } var payload = localStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(localStorage.getItem('badValue')); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property
Method GET
Parameter
Attack
Evidence <script> if (!localStorage.badValue) { localStorage.badValue = Math.random(); } var payload = localStorage.badValue; setTimeout(function() { trigger(localStorage.badValue); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property/documentWrite
Method GET
Parameter
Attack
Evidence <script> if (!localStorage.badValue) { localStorage.badValue = Math.random(); } var payload = localStorage.badValue; setTimeout(function() { trigger(localStorage.badValue); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/complexMessageDocumentWriteEval
Method GET
Parameter
Attack
Evidence <script> const postMessageHandler = function(msg) { let action = msg.data.action; if(action === 'exec') { eval(msg.data.payload); } else if (action === 'addImage') { document.write('<img href='+ msg.data.source + '>'); } else if (action === 'addHtml') { document.write(msg.data.html); } else { console.debug('unsupported command'); } }; window.addEventListener('message', postMessageHandler, false); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/documentWrite
Method GET
Parameter
Attack
Evidence <script> var postMessageHandler = function(msg) { var content = JSON.parse(msg.data); document.write('<scr' + 'ipt src="' + content.url +'"></scr' + 'ipt>'); }; window.addEventListener('message', postMessageHandler, false); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/eval
Method GET
Parameter
Attack
Evidence <script> var postMessageHandler = function(msg) { var content = msg.data; var msgObj = eval(content); if (msgObj.isActive) { document.write("PostMessage arrived!"); } } window.addEventListener('message', postMessageHandler, false); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithPartialStringComparison
Method GET
Parameter
Attack
Evidence <script> var postMessageHandler = function(msg) { if (msg.origin.includes('www.google.com')) { eval(msg.data); } } window.addEventListener('message', postMessageHandler, false); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithRegExp
Method GET
Parameter
Attack
Evidence <script> var postMessageHandler = function(msg) { const originRegExp = /https?:\/\/www.google.com/ if (msg.origin.match(originRegExp)) { eval(msg.data); } } window.addEventListener('message', postMessageHandler, false); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/postMessage/innerHtml
Method GET
Parameter
Attack
Evidence <script> var postMessageHandler = function(msg) { var content = JSON.parse(msg.data); var div = document.createElement('div'); div.innerHTML = content.html; document.documentElement.appendChild(div); }; window.addEventListener('message', postMessageHandler, false); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array
Method GET
Parameter
Attack
Evidence <script> if (!sessionStorage['badValue']) { sessionStorage['badValue'] = Math.random(); } var payload = sessionStorage['badValue']; setTimeout(function() { trigger(sessionStorage['badValue']); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. sessionStorage.clear(); }, 10); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array/eval
Method GET
Parameter
Attack
Evidence <script> if (!sessionStorage['badValue']) { sessionStorage['badValue'] = Math.random(); } var payload = sessionStorage['badValue']; setTimeout(function() { trigger(sessionStorage['badValue']); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. sessionStorage.clear(); }, 10); // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function
Method GET
Parameter
Attack
Evidence <script> if (!sessionStorage.getItem('badValue')) { sessionStorage.setItem('badValue', Math.random()); } var payload = sessionStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(sessionStorage.getItem('badValue')); // Clean up the sessionStorage to avoid side-effects on subsequent tests. sessionStorage.clear(); }, 10); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/documentWrite
Method GET
Parameter
Attack
Evidence <script> if (!sessionStorage.getItem('badValue')) { sessionStorage.setItem('badValue', Math.random()); } var payload = sessionStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(sessionStorage.getItem('badValue')); // Clean up the sessionStorage to avoid side-effects on subsequent tests. sessionStorage.clear(); }, 10); // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/eval
Method GET
Parameter
Attack
Evidence <script> if (!sessionStorage.getItem('badValue')) { sessionStorage.setItem('badValue', Math.random()); } var payload = sessionStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(sessionStorage.getItem('badValue')); // Clean up the sessionStorage to avoid side-effects on subsequent tests. sessionStorage.clear(); }, 10); // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/innerHtml
Method GET
Parameter
Attack
Evidence <script> if (!sessionStorage.getItem('badValue')) { sessionStorage.setItem('badValue', Math.random()); } var payload = sessionStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(sessionStorage.getItem('badValue')); // Clean up the sessionStorage to avoid side-effects on subsequent tests. sessionStorage.clear(); }, 10); var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property
Method GET
Parameter
Attack
Evidence <script> if (!sessionStorage.badValue) { sessionStorage.badValue = Math.random(); } var payload = sessionStorage.badValue; setTimeout(function() { trigger(sessionStorage.badValue); // Using the async trigger. // Clean up the sessionStorage to avoid side-effects on subsequent tests. sessionStorage.clear(); }, 10) </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property/documentWrite
Method GET
Parameter
Attack
Evidence <script> if (!sessionStorage.badValue) { sessionStorage.badValue = Math.random(); } var payload = sessionStorage.badValue; setTimeout(function() { trigger(sessionStorage.badValue); // Using the async trigger. // Clean up the sessionStorage to avoid side-effects on subsequent tests. sessionStorage.clear(); }, 10) // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name
Method GET
Parameter
Attack
Evidence <script> if (window.name == "") { window.name = "badvalue='a'"; } var payload = window.name; setTimeout(function() { trigger(window.name); }, 10); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/documentWrite
Method GET
Parameter
Attack
Evidence <script> if (window.name == "") { window.name = "badvalue='a'"; } var payload = window.name; setTimeout(function() { trigger(window.name); }, 10); // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/eval
Method GET
Parameter
Attack
Evidence <script> if (window.name == "") { window.name = "badvalue='a'"; } var payload = window.name; setTimeout(function() { trigger(window.name); }, 10); // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/dom/toxicdom/window/name/innerHtml
Method GET
Parameter
Attack
Evidence <script> if (window.name == "") { window.name = "badvalue='a'"; } var payload = window.name; setTimeout(function() { trigger(window.name); }, 10); var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/js/encodeURIComponent?q=a
Method GET
Parameter
Attack
Evidence <script> eval(encodeURIComponent('a')); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/js/escape?q=a
Method GET
Parameter
Attack
Evidence <script> eval(escape('a')); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/js/html_escape?q=a
Method GET
Parameter
Attack
Evidence <script>eval('a'.replace(/</g, '&lt;') .replace(/&/g, '&amp;') .replace(/>/g, '&gt;')); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_script?q=a
Method GET
Parameter
Attack
Evidence <script src="http://irrelevant.google.com?a"/>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_assignment?q=a
Method GET
Parameter
Attack
Evidence <script>var foo=a;</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_comment?q=a
Method GET
Parameter
Attack
Evidence <script>var foo=1; /* "a" */</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_eval?q=a
Method GET
Parameter
Attack
Evidence <script>a;</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_quoted_string?q=a
Method GET
Parameter
Attack
Evidence <script>var foo="a";</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_singlequoted_string?q=a
Method GET
Parameter
Attack
Evidence <script>var foo='a';</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_slashquoted_string?q=a
Method GET
Parameter
Attack
Evidence <script>var foo=/a/;</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/encodeUrl/tagname?q=a
Method GET
Parameter
Attack
Evidence <a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_script?q=a
Method GET
Parameter
Attack
Evidence <script src="http://irrelevant.google.com?a"/>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_assignment?q=a
Method GET
Parameter
Attack
Evidence <script>var foo=a;</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_comment?q=a
Method GET
Parameter
Attack
Evidence <script>var foo=1; /* "a" */</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_eval?q=a
Method GET
Parameter
Attack
Evidence <script>a;</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_quoted_string?q=a
Method GET
Parameter
Attack
Evidence <script>var foo="a";</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_singlequoted_string?q=a
Method GET
Parameter
Attack
Evidence <script>var foo='a';</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_slashquoted_string?q=a
Method GET
Parameter
Attack
Evidence <script>var foo=/a/;</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/escape/serverside/escapeHtml/tagname?q=a
Method GET
Parameter
Attack
Evidence <a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity.html
Method GET
Parameter
Attack
Evidence <script src="//nonexistent.google"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity_dynamically_added.html
Method GET
Parameter
Attack
Evidence <script> var script = document.createElement('script'); script.src = '//nonexistent.google'; document.body.append(script); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/leakedcookie/leakedinresource
Method GET
Parameter
Attack
Evidence <script src="leakedcookie.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/mixedcontent
Method GET
Parameter
Attack
Evidence <script src="http://public-firing-range.appspot.com/mixedcontent/script.js"> </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/mixedcontent/index.html
Method GET
Parameter
Attack
Evidence <script src="http://public-firing-range.appspot.com/mixedcontent/script.js"> </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reflected/parameter/attribute_script?q=a
Method GET
Parameter
Attack
Evidence <script src="http://irrelevant.google.com/a"/>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reflected/parameter/js_assignment?q=a
Method GET
Parameter
Attack
Evidence <script>var foo=a;</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reflected/parameter/js_comment?q=a
Method GET
Parameter
Attack
Evidence <script>var foo=1; /* "a" */</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reflected/parameter/js_eval?q=a
Method GET
Parameter
Attack
Evidence <script>eval("a");</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reflected/parameter/js_quoted_string?q=a
Method GET
Parameter
Attack
Evidence <script>var foo="a";</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reflected/parameter/js_singlequoted_string?q=a
Method GET
Parameter
Attack
Evidence <script>var foo='a';</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reflected/parameter/js_slashquoted_string?q=a
Method GET
Parameter
Attack
Evidence <script>var foo=/a/;</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reflected/parameter/noscript?q=a
Method GET
Parameter
Attack
Evidence <noscript>a</noscript>
Other Info A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not.
URL https://public-firing-range.appspot.com/reflected/parameter/tagname?q=a
Method GET
Parameter
Attack
Evidence <a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reflected/url/script_src?q=a
Method GET
Parameter
Attack
Evidence <script src="a"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/remoteinclude/object_hash.html
Method GET
Parameter
Attack
Evidence <script> var target = location.hash.substr(1); var body = document.getElementsByTagName('body')[0]; var object = document.createElement('object'); object.data = target; body.appendChild(object); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js
Method GET
Parameter
Attack
Evidence <script src="http://127.0.0.2/localhost_import.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js
Method GET
Parameter
Attack
Evidence <script src="http://192.168.1.2/private_network_import.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js
Method GET
Parameter
Attack
Evidence <script src="http://g00gle.com/typosquatting_domain.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=https://google.com
Method GET
Parameter
Attack
Evidence <script src="https://google.com"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/remoteinclude/script_hash.html
Method GET
Parameter
Attack
Evidence <script> var target = location.hash.substr(1); var head = document.getElementsByTagName('head')[0]; var script = document.createElement('script'); script.type = 'text/javascript'; script.src = target; head.appendChild(script); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO
Method GET
Parameter
Attack
Evidence <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=' + q + ''; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO/
Method GET
Parameter
Attack
Evidence <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=' + q + ''; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO
Method GET
Parameter
Attack
Evidence <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=' + q + ''; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO/
Method GET
Parameter
Attack
Evidence <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=' + q + ''; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO
Method GET
Parameter
Attack
Evidence <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=callbackFunc'; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO/
Method GET
Parameter
Attack
Evidence <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=callbackFunc'; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO
Method GET
Parameter
Attack
Evidence <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=callbackFunc'; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO/
Method GET
Parameter
Attack
Evidence <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=callbackFunc'; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO
Method GET
Parameter
Attack
Evidence <script src= '/reverseclickjacking/jsonpendpoint?q=&callback='></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO/?q=foo
Method GET
Parameter
Attack
Evidence <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=foo'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithXFO
Method GET
Parameter
Attack
Evidence <script src= '/reverseclickjacking/jsonpendpoint?q=&callback='></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithXFO/?q=foo
Method GET
Parameter
Attack
Evidence <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=foo'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO
Method GET
Parameter
Attack
Evidence <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=callbackFunc'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO/?q=%26callback%3Dfoo%23
Method GET
Parameter
Attack
Evidence <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=foo#&callback=callbackFunc'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithXFO
Method GET
Parameter
Attack
Evidence <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=callbackFunc'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithXFO/?q=%26callback%3Dfoo%23
Method GET
Parameter
Attack
Evidence <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=foo#&callback=callbackFunc'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback
Method GET
Parameter
Attack
Evidence <script>
  var resultDiv = document.getElementById('result');
  /**
   * Callback function that receives data from the JSONP callback and
   * prints a "stringified" representation of the response, just for
   * human debugging.
   */
  function callbackFunc(data) {
    resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data);
  }
  try {
    // Retrieve the "q" parameter in the URL fragment
    var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)')
        .exec(location.hash)[1]);
    // Validate it (prevents trivial XSS)
    var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/;
    if (allowedPattern.test(q)) {
      // The vulnerability arises because of this insecure concatenation
      var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=' + q + '';
      /* Create the <script> tag that executes the JS code returned by
       * the JSONP endpoint. */
      var s = document.createElement('script');
      s.type = 'text/javascript';
      s.src = url;
      document.body.appendChild(s);
    }
  } catch(e) {
    resultDiv.textContent = 'Please specify a q parameter in the fragment.';
  }
</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback/
Method GET
Parameter
Attack
Evidence <script>
  var resultDiv = document.getElementById('result');
  /**
   * Callback function that receives data from the JSONP callback and
   * prints a "stringified" representation of the response, just for
   * human debugging.
   */
  function callbackFunc(data) {
    resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data);
  }
  try {
    // Retrieve the "q" parameter in the URL fragment
    var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)')
        .exec(location.hash)[1]);
    // Validate it (prevents trivial XSS)
    var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/;
    if (allowedPattern.test(q)) {
      // The vulnerability arises because of this insecure concatenation
      var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=' + q + '';
      /* Create the <script> tag that executes the JS code returned by
       * the JSONP endpoint. */
      var s = document.createElement('script');
      s.type = 'text/javascript';
      s.src = url;
      document.body.appendChild(s);
    }
  } catch(e) {
    resultDiv.textContent = 'Please specify a q parameter in the fragment.';
  }
</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter
Method GET
Parameter
Attack
Evidence <script>
  var resultDiv = document.getElementById('result');
  /**
   * Callback function that receives data from the JSONP callback and
   * prints a "stringified" representation of the response, just for
   * human debugging.
   */
  function callbackFunc(data) {
    resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data);
  }
  try {
    // Retrieve the "q" parameter in the URL fragment
    var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)')
        .exec(location.hash)[1]);
    // Validate it (prevents trivial XSS)
    var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/;
    if (allowedPattern.test(q)) {
      // The vulnerability arises because of this insecure concatenation
      var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=callbackFunc';
      /* Create the <script> tag that executes the JS code returned by
       * the JSONP endpoint. */
      var s = document.createElement('script');
      s.type = 'text/javascript';
      s.src = url;
      document.body.appendChild(s);
    }
  } catch(e) {
    resultDiv.textContent = 'Please specify a q parameter in the fragment.';
  }
</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter/
Method GET
Parameter
Attack
Evidence <script>
  var resultDiv = document.getElementById('result');
  /**
   * Callback function that receives data from the JSONP callback and
   * prints a "stringified" representation of the response, just for
   * human debugging.
   */
  function callbackFunc(data) {
    resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data);
  }
  try {
    // Retrieve the "q" parameter in the URL fragment
    var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)')
        .exec(location.hash)[1]);
    // Validate it (prevents trivial XSS)
    var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/;
    if (allowedPattern.test(q)) {
      // The vulnerability arises because of this insecure concatenation
      var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=callbackFunc';
      /* Create the <script> tag that executes the JS code returned by
       * the JSONP endpoint. */
      var s = document.createElement('script');
      s.type = 'text/javascript';
      s.src = url;
      document.body.appendChild(s);
    }
  } catch(e) {
    resultDiv.textContent = 'Please specify a q parameter in the fragment.';
  }
</script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback
Method GET
Parameter
Attack
Evidence <script src= '/reverseclickjacking/jsonpendpoint?q=&callback='></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback/?q=urc_button.click
Method GET
Parameter
Attack
Evidence <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=urc_button.click'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter
Method GET
Parameter
Attack
Evidence <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=callbackFunc'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter/?q=%26callback%3Durc_button.click%23
Method GET
Parameter
Attack
Evidence <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=urc_button.click#&callback=callbackFunc'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/a.href
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var anchor = document.createElement("a"); anchor.href = payload; anchor.text = "Here's an anchor link"; document.body.appendChild(anchor); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/base.href
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var baseElement = document.createElement("base"); baseElement.href = payload; document.head.appendChild(baseElement); var scriptTag = document.createElement("script"); scriptTag.src = "exploit.js"; document.body.appendChild(scriptTag); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/document.location
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); document.location = payload; </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/embed.src
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var embedElement = document.createElement("embed"); embedElement.src = payload; document.body.appendChild(embedElement); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/fetch
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var divElement = document.createElement('div'); var resourceUri= payload; fetch(resourceUri).then( function(response) { return response.text(); }).then(function(body) { divElement.innerHTML = body; }); document.body.appendChild(divElement); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/form.action
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var formElement = document.createElement("form"); formElement.action = payload; var inputElement = document.createElement("input"); inputElement.type = "submit"; inputElement.value = "Submit!"; formElement.appendChild(inputElement); document.body.appendChild(formElement); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/iframe.src
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var iframe = document.createElement("iframe"); iframe.src = payload; document.body.appendChild(iframe); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/input.formaction
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var form = document.createElement("form"); var input = document.createElement("input"); input.formAction = payload; input.type = "submit"; input.value = "submit!"; document.body.appendChild(form); form.appendChild(input); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/link.href
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var linkElement = document.createElement("link"); linkElement.rel = "import"; linkElement.href = payload; document.body.appendChild(linkElement); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/object.data
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var objectElement = document.createElement("object"); objectElement.data = payload; document.body.appendChild(objectElement); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/param.code.value
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var objectElement = document.createElement("object"); var paramTypeElement = document.createElement("param"); var paramCodeElement = document.createElement("param"); var paramAllowScriptAccessElement = document.createElement("param"); paramTypeElement.name = "type"; paramTypeElement.value = "application/x-shockwave-flash"; paramAllowScriptAccessElement.name = "allowScriptAccess"; paramAllowScriptAccessElement.value = "always"; paramCodeElement.name = "code"; paramCodeElement.value = payload; objectElement.appendChild(paramAllowScriptAccessElement); objectElement.appendChild(paramTypeElement); objectElement.appendChild(paramCodeElement); document.body.appendChild(objectElement); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/param.movie.value
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var objectElement = document.createElement("object"); var paramTypeElement = document.createElement("param"); var paramMovieElement = document.createElement("param"); var paramAllowScriptAccessElement = document.createElement("param"); paramTypeElement.name = "type"; paramTypeElement.value = "application/x-shockwave-flash"; paramAllowScriptAccessElement.name = "allowScriptAccess"; paramAllowScriptAccessElement.value = "always"; paramMovieElement.name = "movie"; paramMovieElement.value = payload; objectElement.appendChild(paramAllowScriptAccessElement); objectElement.appendChild(paramTypeElement); objectElement.appendChild(paramMovieElement); document.body.appendChild(objectElement); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/param.src.value
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var objectElement = document.createElement("object"); var paramTypeElement = document.createElement("param"); var paramSrcElement = document.createElement("param"); var paramAllowScriptAccessElement = document.createElement("param"); paramTypeElement.name = "type"; paramTypeElement.value = "application/x-shockwave-flash"; paramAllowScriptAccessElement.name = "allowScriptAccess"; paramAllowScriptAccessElement.value = "always"; paramSrcElement.name = "src"; paramSrcElement.value = payload; objectElement.appendChild(paramAllowScriptAccessElement); objectElement.appendChild(paramTypeElement); objectElement.appendChild(paramSrcElement); document.body.appendChild(objectElement); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/param.url.value
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var objectElement = document.createElement("object"); var paramTypeElement = document.createElement("param"); var paramUrlElement = document.createElement("param"); var paramAllowScriptAccessElement = document.createElement("param"); paramTypeElement.name = "type"; paramTypeElement.value = "application/x-shockwave-flash"; paramAllowScriptAccessElement.name = "allowScriptAccess"; paramAllowScriptAccessElement.value = "always"; paramUrlElement.name = "url"; paramUrlElement.value = payload; objectElement.appendChild(paramAllowScriptAccessElement); objectElement.appendChild(paramTypeElement); objectElement.appendChild(paramUrlElement); document.body.appendChild(objectElement); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/script.href
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var xmlns = "http://www.w3.org/2000/svg"; var svgElement = document.createElementNS(xmlns,"svg"); svgElement.setAttributeNS( "http://www.w3.org/2000/xmlns/", "xmlns:xlink", "http://www.w3.org/1999/xlink"); var scriptElement = document.createElementNS(xmlns,"script"); scriptElement.setAttributeNS( "http://www.w3.org/1999/xlink", "xlink:href", location.hash.substr(1)); svgElement.appendChild(scriptElement); document.body.appendChild(svgElement); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var scriptElement = document.createElement("script"); scriptElement.src = payload; document.body.appendChild(scriptElement); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_domain
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var scriptElement = document.createElement("script"); scriptElement.src = location.origin + payload + "/script.js"; document.body.appendChild(scriptElement); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_path
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var scriptElement = document.createElement("script"); scriptElement.src = "/" + payload; document.body.appendChild(scriptElement); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_query
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var scriptElement = document.createElement("script"); scriptElement.src = location.origin + "/urldom/jsonp?referrer=" + payload + "&callback=helloWorld"; document.body.appendChild(scriptElement); function helloWorld(data) { var divElement = document.createElement("div"); divElement.textContent = data["msg"]; document.body.appendChild(divElement); } </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/window.open
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); window.open(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/hash/xhr.open
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.hash.substr(1); var xhttp = new XMLHttpRequest(); xhttp.open("GET",payload,false); xhttp.send(); var div = document.createElement("div"); div.innerHTML=xhttp.responseText; document.body.appendChild(div); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/search/area.href?//example.org
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.search.substr(1); var area = document.createElement("area"); area.href = payload; area.textContent = "Here's an area element"; document.body.appendChild(area); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/search/button.formaction?//example.org
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.search.substr(1); var form = document.createElement("form"); var button = document.createElement("button"); button.formAction = payload; button.type = "submit"; button.textContent = "submit!"; document.body.appendChild(form); form.appendChild(button); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/search/frame.src?//example.org
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.search.substr(1); var frame = document.createElement("frame"); frame.src = payload; document.body.appendChild(frame); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/search/location.assign?//example.org
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.search.substr(1); location.assign(payload); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/urldom/location/search/svg.a?//example.org
Method GET
Parameter
Attack
Evidence <script> var payload = document.location.search.substr(1); var xmlns = "http://www.w3.org/2000/svg"; var svgElement = document.createElementNS(xmlns,"svg"); svgElement.setAttribute("width",500); svgElement.setAttribute("height",500); svgElement.setAttributeNS("http://www.w3.org/2000/xmlns/","xmlns:xlink","http://www.w3.org/1999/xlink"); var anchor = document.createElementNS(xmlns,"a"); anchor.setAttributeNS("http://www.w3.org/1999/xlink","xlink:href",payload); var text = document.createElementNS(xmlns,"text"); text.textContent = "This is an anchor element!"; text.setAttribute("x",60); text.setAttribute("y",21); text.setAttribute("fill","black"); anchor.appendChild(text); svgElement.appendChild(anchor); document.body.appendChild(svgElement); </script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/vulnerablelibraries/jquery.html
Method GET
Parameter
Attack
Evidence <script src="https://code.jquery.com/jquery-1.8.1.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(10);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(13);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(17);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(18);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(19);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(20);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(21);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(24);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(27);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(28);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(5);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(6);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(7);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(8);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter
Attack
Evidence <a href="#" onclick="decQuantity(9);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/index.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/insurance/v1/index.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/insurance/v1/register.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/insurance/v1/retrieve_quotation.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/payment-gateway/process_card.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/telecom/addtariffplans.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/telecom/billing.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/birthdate.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/cookie/selenium_cookie.php
Method POST
Parameter
Attack
Evidence <script src="../js/w3.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/flash-testing.html
Method POST
Parameter
Attack
Evidence <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/newtours/register.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/test/newtours/reservation2.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter
Attack
Evidence <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0
Method POST
Parameter
Attack
Evidence <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script>
Other Info No links have been found while there are scripts, which is an indication that this is a modern web application.
Instances 327
Solution
This is an informational alert and so no changes are required.
Reference
CWE Id
WASC Id
Plugin Id 10109
Informational
Re-examine Cache-control Directives
Description
The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.
URL https://demo.guru99.com/
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/insurance/v1/register.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/payment-gateway/cardnumber.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/payment-gateway/index.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/payment-gateway/purchasetoy.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/robots.txt
Method GET
Parameter cache-control
Attack
Evidence max-age=172800
Other Info
URL https://demo.guru99.com/selenium/facebook.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/seo/page-1.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/seo/page-2.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/seo/page-3.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/seo/page-4.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/seo/page-5.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/seo/page-6.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=063675
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=069466
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/telecom/access.php?uid=936997
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/telecom/addcustomer.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/telecom/index.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/ajax.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/ajax.html?name=ZAP
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/autoit.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/block.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/cookie/selenium_aut.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/drag_drop.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/facebook.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/guru99home/
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/guru99home/ads.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/guru99home/scrolling.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/image_upload/
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/link.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/login.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/newtours/reservation.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/newtours/support.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/radio.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/social-icon.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/table.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/tooltip.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/upload/
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/yahoo.html
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/V1/index.php
Method GET
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://public-firing-range.appspot.com
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/address
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/address/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/angular
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/angular/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/badscriptimport
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/badscriptimport/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/clickjacking
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/clickjacking/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/cors
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/cors/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/dom
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/dom/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/dom/javascripturi.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/escape
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/escape/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/flashinjection
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/flashinjection/callbackIsEchoedBack?callback=func
Method GET
Parameter cache-control
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/flashinjection/callbackParameterDoesNothing?callback=func
Method GET
Parameter cache-control
Attack
Evidence
Other Info
URL https://public-firing-range.appspot.com/flashinjection/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity_dynamically_added.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/leakedcookie
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/leakedcookie/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/mixedcontent
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/mixedcontent/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/redirect
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/redirect/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/reflected
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/reflected/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/remoteinclude
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/object_hash.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/remoteinclude/script_hash.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/reverseclickjacking/
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/stricttransportsecurity/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/tags
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/tags/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/urldom
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/urldom/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries/index.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://public-firing-range.appspot.com/vulnerablelibraries/jquery.html
Method GET
Parameter cache-control
Attack
Evidence public, max-age=600
Other Info
URL https://demo.guru99.com/insurance/v1/new_quotation.php
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/insurance/v1/retrieve_quotation.php
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/telecom/addtariffplans.php
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/telecom/billing.php
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/birthdate.php
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/cookie/selenium_cookie.php
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/flash-testing.html
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/image_upload/ajaximage.php
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/newtours/register.php
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/newtours/reservation2.php
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/test/success.html
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter cache-control
Attack
Evidence max-age=600
Other Info
Instances 119
Solution
For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached, consider setting the directives "public, max-age, immutable".
Reference https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
https://grayduck.mn/2021/09/13/cache-control-recommendations/
CWE Id 525
WASC Id 13
Plugin Id 10015
Informational
Session Management Response Identified
Description
The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to "Auto-Detect" then this rule will change the session management to use the tokens identified.
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 0448AB0ED6C91159919BE73F6345C0E6
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 18A2EBFF4936320AD1EEEB3341EA01D4
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 33A3FE8B6A527DFCE7620B20529C12FA
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 349AB47B1061CA62238BE6A6BCDAFAD3
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 407DA006AECE494123A04506F2A9ECF5
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 4FCFE06C13D66C24B15F864A11B997DD
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 5A33F137A0FD627F4A5B3D11D1B919F3
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 5CBD62F159DD658A5E184BC3BD37AECC
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 8734D1E46777342DC2EE83B007CD8EE2
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 89B02A2B79F75F1410E0DB98BC30C6D1
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 8B82FF2CC59E8AB6C9F17F559D8F5ED4
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 915845EFFA5D761964C6AD07A128B10B
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 941168C38845F38E8040154C137DB877
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 9A10441F243BECEE482B21769735A095
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence A22DB34A8772A4D608E34159C47C453C
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence A4E25C37053DD56A9040B2A164B79553
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence B584B16C385F31F10E354FCCE4800152
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence CACF37E8136A2983FB6567152E055AF2
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence F4CDC10F5A22EEDA573DFDC5FA5A7015
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence FE69E7782CB979AA91DE758AEE96CED9
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/product.jsp?typeid=1
Method GET
Parameter JSESSIONID
Attack
Evidence 7500A83A3DB4C96BB1DE351A7091E5D0
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/product.jsp?typeid=2
Method GET
Parameter JSESSIONID
Attack
Evidence A329FA556790B84292975A3CA0E173AB
Other Info cookie:JSESSIONID
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://public-firing-range.appspot.com/leakedcookie/leakedcookie
Method GET
Parameter my_secret_cookie
Attack
Evidence 0mERtClmz/8=
Other Info cookie:my_secret_cookie
URL https://public-firing-range.appspot.com/leakedcookie/leakedcookie
Method GET
Parameter my_secret_cookie
Attack
Evidence ven4/JO9C+A=
Other Info cookie:my_secret_cookie
URL https://public-firing-range.appspot.com/leakedcookie/leakedinresource
Method GET
Parameter my_secret_cookie
Attack
Evidence ZHLgr9oZ4M8=
Other Info cookie:my_secret_cookie
URL https://public-firing-range.appspot.com/leakedcookie/leakedinresource
Method GET
Parameter my_secret_cookie
Attack
Evidence ceVtMkOZH1Q=
Other Info cookie:my_secret_cookie
URL http://demo.guru99.com/
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL http://demo.guru99.com/
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL http://demo.guru99.com/seo/page-2.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL http://demo.guru99.com/seo/page-3.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL http://demo.guru99.com/seo/page-4.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL http://demo.guru99.com/seo/page-6.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL http://demo.guru99.com/test/js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL http://demo.guru99.com/test/js/home-bar.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL http://demo.guru99.com/test/js/jquery.js
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL http://demo.guru99.com/test/js/treemenu.js
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL http://demo.guru99.com/test/msgr11us.exe
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL http://demo.guru99.com/test/newtours/
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL http://demo.guru99.com/test/tooltip.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 18A2EBFF4936320AD1EEEB3341EA01D4
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method GET
Parameter JSESSIONID
Attack
Evidence 5CBD62F159DD658A5E184BC3BD37AECC
Other Info cookie:JSESSIONID
URL https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/agile-testing-course.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/Agi_V1/
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/Agi_V1/customer/css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/Agi_V1/customer/css/style.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/Agi_V1/customer/JavaScript
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/Agi_V1/customer/scripts/commonstyle.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/css/bootstrap.min.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/css/bootstrap.min.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/css/main.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/css/slider-cars.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/images/2.gif
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/js/bootstrap.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/js/bootstrap.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/js/slider-cars.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Agile_Project/scripts/validate_login.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/angularjs-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/apache.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/asp-net-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/blockchain-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/business-analyst-tutorial-course.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/c-programming-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/c-programming-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/c-programming-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/c-sharp-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/c-sharp-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/c-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/classes
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/cloud-computing-for-beginners.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/co-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/co-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/co-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/codeigniter-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/compiler-design-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/data-warehousing-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/dbms-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/excel-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/excel-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/free-digital-marketing-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/free-digital-marketing-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/hp-alm-free-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/images/logo/favicon.ico
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/images/testing-logo-1.png
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/img/favicon.ico?1461205423
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/css/bootstrap.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/css/bootstrap.min.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/css/custom.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/css/custom.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/css/home-bar.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/css/main.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/css/main.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/css/style.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/favicon.png
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/favicon.png
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/header.php
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/index.php
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/javascript/bootstrap.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/javascript/jquery.timeago.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/javascript/slider-cars.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/javascript/treemenu.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/register.php
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/register.php
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/register.php
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/interactive-javascript-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/interactive-javascript-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/jenkins-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/jira-tutorial-a-complete-guide-for-beginners.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/live-agile-testing-project.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/live-php-project-learn-complete-web-development-cycle.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/live-selenium-project.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/loadrunner-v12-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/logo.png
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/mantis-bug-tracker-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/mariadb-tutorial-install.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/mariadb-tutorial-install.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/media/gantry5/assets/js/matchmedia.polyfill.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/media/gantry5/engines/nucleus/css/nucleus-ie9.css?59966afb
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/mis-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/mis-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/ms-access-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/ms-access-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/ms-access-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/mysql-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/mysql-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/node-js-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/overview-of-sap-security.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/assets/css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/assets/css/main.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/assets/js/bootstrap.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/assets/js/bootstrap.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/assets/js/home-bar.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/assets/js/main.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/assets/js/skel.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/assets/js/treemenu.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/assets/js/util.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/cardnumber.php
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/images/american.png
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/images/american.png
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/images/american.png
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/images/card
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/images/card/temp-88.jpg
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/images/card/temp-88.jpg
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/purchasetoy.php
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/perl-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/perl-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/php-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/php-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/pl-sql-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/postgresql-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/postgresql-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/practitest-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/practitest-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/python-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/qtest-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/qtest-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/quick-test-professional-qtp-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/release-notes
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/release-notes
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/ruby-on-rails-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-basis-training-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-basis-training-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-bi.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-bi.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-bods-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-bpc.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-crm-training.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-fico-training-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-fico-training-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-hcm.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-mm-training-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-payroll.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-pi-process-integration-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-pp-tutorials.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-quality-management-qm-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-quality-management-qm-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-training-hub.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sap-training-hub.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/images
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/images/2.gif
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/images/3.gif
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/scripts
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/customer/css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/customer/css/bootstrap.min.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/customer/css/home-bar.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/customer/css/style.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/bootstrap.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/bootstrap.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/home-bar.js
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/jquery.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/slider-cars.js
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/test.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/treemenu.js
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/customer/scripts
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/customer/scripts/commonstyle.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/selenium-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/seo/images
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/seo/images/041318_0534_WhatisFullf1.png
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/seo/images/041318_0534_WhatisFullf1.png
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/seo/images/041318_0552_WhatisSAPBu1.png
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/seo/images/051818_1048_SoftwareCon1.png
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/seo/images/051818_1048_SoftwareCon2.png
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/seo/images/051818_1048_SoftwareCon2.png
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/seo/js/b40b8f484a50c7147e39e067a6f3d6ef_0.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/seo/js/jquery.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/seo/page-3.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/seo/page-6.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/software-engineering-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sql.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/sql.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/talend-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/access.php?uid=063675
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/addcustomer.php
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/addtariffplans.php
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/addtariffplans.php
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/css/custom.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/css/slider-cars.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/bootstrap.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/bootstrap.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/jquery.js
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/jquery.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/jquery.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/jquery.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/jquery.scrolly.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/jquery.scrolly.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/main.js
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/skel.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/slider-cars.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/tariffplan.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/test.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/treemenu.js
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/treemenu.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/util.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/w3.js
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assets/js/w3.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/billing.php
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/billing.php
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/images
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/index.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/index.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/accountingjs
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/accountingjs/AccountCSS.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/accountingjs/af3cfffb95196d4da1e9e744fbfc7875.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/accountingjs/jquery-ui.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/accountingjs/lesson6.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/birthdate.php
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/cookie/bootstrap.min.css
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/cookie/bootstrap.min.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/css/custom.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/css/custom.css
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/css/home-bar.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/css/main.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/css/main.css
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/css/slider-cars.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/css/style.css
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/guru99home/
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/guru99home/ads.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/guru99home/ads.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/guru99home/images
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/guru99home/images/app_google_play(1).png
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/guru99home/images/logo_1.png
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/guru99home/images/logo_respnsivsite.png
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/guru99home/Jmeter720.png
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/guru99home/Jmeter720.png
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/guru99home/js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/guru99home/js/jquery.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/guru99home/js/jquery.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/image_upload/loader.gif
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/image_upload/scripts
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/image_upload/scripts/jquery.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/img/tooltips.jpg
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/js/jquery.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/js/jquery.tools.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/js/jquery.tools.min.js
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/js/w3.js
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/js/w3.js
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/main.min.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/msgr11us.exe
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/msgr11us.exe
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/msgr11us.exe
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/images/banner2.gif
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/images/featured_destination.gif
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/images/hdr_findflight.gif
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/images/hdr_links.gif
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/images/home.gif
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/images/icn_destinations.gif
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/images/icn_register.gif
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/images/mast_construction.gif
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/images/mast_register.gif
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/images/mast_signon.gif
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/images/submit.gif
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/login.php
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/toDay
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/scrolling.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/upload/css/banner-styles.css
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/upload/css/banner-styles.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/upload/css/style.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/upload/register.php
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/upload/rules.php
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/uml-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/uml-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/unix-linux-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/utlimate-guide-etl-datawarehouse-testing.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V1/css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V1/css/bootstrap.min.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V1/css/bootstrap.min.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V1/css/custom.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V1/css/main.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V1/css/slider-cars.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V1/css/style.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V1/css/style.css
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V1/index.php
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V1/JavaScript/slider-cars.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V1/JavaScript/treemenu.js
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V4/css/bootstrap.min.css
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V4/JavaScript/jquery.js
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V4/JavaScript/jquery.js
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/vb-net-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/vba-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/web-services-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/web-services-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/bootstrap.min.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/custom.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/custom.css
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/home-bar.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/main.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/main.css
Method GET
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/slider-cars.css
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/web/20141011154238im_/http:/www.megafileupload.com/skin/custom/images
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/web/20141011154238im_/http:/www.megafileupload.com/skin/custom/images/delete.png
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/what-is-sap.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/wpf-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/wpf-tutorial.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/zephyr-agile-jira.html
Method GET
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter JSESSIONID
Attack
Evidence 5CBD62F159DD658A5E184BC3BD37AECC
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter JSESSIONID
Attack
Evidence 18A2EBFF4936320AD1EEEB3341EA01D4
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter JSESSIONID
Attack
Evidence 33A3FE8B6A527DFCE7620B20529C12FA
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter JSESSIONID
Attack
Evidence 4FCFE06C13D66C24B15F864A11B997DD
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter JSESSIONID
Attack
Evidence 5A33F137A0FD627F4A5B3D11D1B919F3
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter JSESSIONID
Attack
Evidence 5CBD62F159DD658A5E184BC3BD37AECC
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter JSESSIONID
Attack
Evidence 8B82FF2CC59E8AB6C9F17F559D8F5ED4
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter JSESSIONID
Attack
Evidence A22DB34A8772A4D608E34159C47C453C
Other Info cookie:JSESSIONID
URL http://localhost:8090/bodgeit/login.jsp
Method POST
Parameter JSESSIONID
Attack
Evidence B584B16C385F31F10E354FCCE4800152
Other Info cookie:JSESSIONID
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method POST
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/index.php
Method POST
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/index.php
Method POST
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/logout.php
Method POST
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/new_quotation.php
Method POST
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/insurance/v1/register.php
Method POST
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/check_credit_balance.php
Method POST
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/process_card.php
Method POST
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/process_card.php
Method POST
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method POST
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/payment-gateway/process_purchasetoy.php
Method POST
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/addtariffplans.php
Method POST
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/assigntariffplantocustomer.php
Method POST
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/billing.php
Method POST
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/telecom/insertcustomer.php
Method POST
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/birthdate.php
Method POST
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/cookie/selenium_cookie.php
Method POST
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/cookie/selenium_cookie.php
Method POST
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/image_upload/ajaximage.php
Method POST
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/register.php
Method POST
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/reservation2.php
Method POST
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/newtours/reservation2.php
Method POST
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/success.html
Method POST
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/test/upload/emaillinks.php
Method POST
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter PHPSESSID
Attack
Evidence 8ae06253a55a43976cdb54833b3e3e50
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/web/20141011154238/http:/212.7.194.85/cgi-bin/upload.cgi?maxfilesize=206000000
Method POST
Parameter PHPSESSID
Attack
Evidence 75b207e09ffe46f571f314258999210e
Other Info cookie:PHPSESSID
URL https://demo.guru99.com/web/20141011154238/http:/212.7.194.85/cgi-bin/upload.cgi?maxfilesize=206000000
Method POST
Parameter PHPSESSID
Attack
Evidence c95e591753b50fcbff83f96286cd14ef
Other Info cookie:PHPSESSID
Instances 393
Solution
This is an informational alert rather than a vulnerability and so there is nothing to fix.
Reference https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id
CWE Id
WASC Id
Plugin Id 10112
Informational
User Controllable HTML Element Attribute (Potential XSS)
Description
This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.
URL http://localhost:8090/bodgeit/product.jsp?prodid=10
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=10 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=10 The user-controlled value was: 10
URL http://localhost:8090/bodgeit/product.jsp?prodid=10
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=10 appears to include user input in: a(n) [table] tag [width] attribute The user input found was: prodid=10 The user-controlled value was: 100%
URL http://localhost:8090/bodgeit/product.jsp?prodid=11
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=11 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=11 The user-controlled value was: 11
URL http://localhost:8090/bodgeit/product.jsp?prodid=12
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=12 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=12 The user-controlled value was: 12
URL http://localhost:8090/bodgeit/product.jsp?prodid=13
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=13 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=13 The user-controlled value was: 13
URL http://localhost:8090/bodgeit/product.jsp?prodid=14
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=14 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=14 The user-controlled value was: 14
URL http://localhost:8090/bodgeit/product.jsp?prodid=15
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=15 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=15 The user-controlled value was: 15
URL http://localhost:8090/bodgeit/product.jsp?prodid=16
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=16 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=16 The user-controlled value was: 16
URL http://localhost:8090/bodgeit/product.jsp?prodid=16
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=16 appears to include user input in: a(n) [td] tag [width] attribute The user input found was: prodid=16 The user-controlled value was: 16%
URL http://localhost:8090/bodgeit/product.jsp?prodid=17
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=17 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=17 The user-controlled value was: 17
URL http://localhost:8090/bodgeit/product.jsp?prodid=18
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=18 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=18 The user-controlled value was: 18
URL http://localhost:8090/bodgeit/product.jsp?prodid=19
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=19 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=19 The user-controlled value was: 19
URL http://localhost:8090/bodgeit/product.jsp?prodid=20
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=20 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=20 The user-controlled value was: 20
URL http://localhost:8090/bodgeit/product.jsp?prodid=21
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=21 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=21 The user-controlled value was: 21
URL http://localhost:8090/bodgeit/product.jsp?prodid=22
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=22 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=22 The user-controlled value was: 22
URL http://localhost:8090/bodgeit/product.jsp?prodid=23
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=23 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=23 The user-controlled value was: 23
URL http://localhost:8090/bodgeit/product.jsp?prodid=24
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=24 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=24 The user-controlled value was: 24
URL http://localhost:8090/bodgeit/product.jsp?prodid=25
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=25 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=25 The user-controlled value was: 25
URL http://localhost:8090/bodgeit/product.jsp?prodid=25
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=25 appears to include user input in: a(n) [td] tag [width] attribute The user input found was: prodid=25 The user-controlled value was: 25%
URL http://localhost:8090/bodgeit/product.jsp?prodid=26
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=26 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=26 The user-controlled value was: 26
URL http://localhost:8090/bodgeit/product.jsp?prodid=27
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=27 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=27 The user-controlled value was: 27
URL http://localhost:8090/bodgeit/product.jsp?prodid=28
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=28 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=28 The user-controlled value was: 28
URL http://localhost:8090/bodgeit/product.jsp?prodid=29
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=29 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=29 The user-controlled value was: 29
URL http://localhost:8090/bodgeit/product.jsp?prodid=30
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=30 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=30 The user-controlled value was: 30
URL http://localhost:8090/bodgeit/product.jsp?prodid=30
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=30 appears to include user input in: a(n) [td] tag [width] attribute The user input found was: prodid=30 The user-controlled value was: 30%
URL http://localhost:8090/bodgeit/product.jsp?prodid=31
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=31 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=31 The user-controlled value was: 31
URL http://localhost:8090/bodgeit/product.jsp?prodid=32
Method GET
Parameter prodid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=32 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=32 The user-controlled value was: 32
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_ng/1.4.0?q=test
Method GET
Parameter q
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/angular/angular_body_attribute_ng/1.4.0?q=test appears to include user input in: a(n) [div] tag [ng-class] attribute The user input found was: q=test The user-controlled value was: test
URL https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw/1.4.0?q=test
Method GET
Parameter q
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw/1.4.0?q=test appears to include user input in: a(n) [div] tag [class] attribute The user input found was: q=test The user-controlled value was: test
URL https://public-firing-range.appspot.com/redirect/meta?q=/
Method GET
Parameter q
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/redirect/meta?q=/ appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: q=/ The user-controlled value was: 0;/
URL https://public-firing-range.appspot.com/remoteinclude/parameter/object/application_x-shockwave-flash?q=https://google.com
Method GET
Parameter q
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/remoteinclude/parameter/object/application_x-shockwave-flash?q=https://google.com appears to include user input in: a(n) [object] tag [data] attribute The user input found was: q=https://google.com The user-controlled value was: https://google.com
URL https://public-firing-range.appspot.com/remoteinclude/parameter/object_raw?q=https://google.com
Method GET
Parameter q
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/remoteinclude/parameter/object_raw?q=https://google.com appears to include user input in: a(n) [object] tag [data] attribute The user input found was: q=https://google.com The user-controlled value was: https://google.com
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js
Method GET
Parameter q
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js appears to include user input in: a(n) [script] tag [src] attribute The user input found was: q=http://127.0.0.2/localhost_import.js The user-controlled value was: http://127.0.0.2/localhost_import.js
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js
Method GET
Parameter q
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js appears to include user input in: a(n) [script] tag [src] attribute The user input found was: q=http://192.168.1.2/private_network_import.js The user-controlled value was: http://192.168.1.2/private_network_import.js
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js
Method GET
Parameter q
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js appears to include user input in: a(n) [script] tag [src] attribute The user input found was: q=http://g00gle.com/typosquatting_domain.js The user-controlled value was: http://g00gle.com/typosquatting_domain.js
URL https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=https://google.com
Method GET
Parameter q
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=https://google.com appears to include user input in: a(n) [script] tag [src] attribute The user input found was: q=https://google.com The user-controlled value was: https://google.com
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter productid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [table] tag [width] attribute The user input found was: productid=10 The user-controlled value was: 100%
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter productid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [td] tag [width] attribute The user input found was: productid=16 The user-controlled value was: 16%
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter productid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [td] tag [width] attribute The user input found was: productid=25 The user-controlled value was: 25%
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter productid
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [td] tag [width] attribute The user input found was: productid=30 The user-controlled value was: 30%
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter quantity_1
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [input] tag [value] attribute The user input found was: quantity_1=33 The user-controlled value was: 33
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter quantity_14
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [input] tag [value] attribute The user input found was: quantity_14=33 The user-controlled value was: 33
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter quantity_23
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [input] tag [value] attribute The user input found was: quantity_23=33 The user-controlled value was: 33
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter quantity_24
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [input] tag [value] attribute The user input found was: quantity_24=33 The user-controlled value was: 33
URL http://localhost:8090/bodgeit/basket.jsp
Method POST
Parameter update
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [input] tag [value] attribute The user input found was: update=Update Basket The user-controlled value was: update basket
URL https://demo.guru99.com/Agile_Project/Agi_V1/index.php
Method POST
Parameter btnLogin
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/Agile_Project/Agi_V1/index.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: btnLogin=LOGIN The user-controlled value was: login
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter _method
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/insurance/v1/header.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: _method=patch The user-controlled value was: patch
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter user[dateofbirth(1i)]
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/insurance/v1/header.php appears to include user input in: a(n) [option] tag [value] attribute The user input found was: user[dateofbirth(1i)]=1989 The user-controlled value was: 1989
URL https://demo.guru99.com/insurance/v1/header.php
Method POST
Parameter user[title]
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/insurance/v1/header.php appears to include user input in: a(n) [option] tag [value] attribute The user input found was: user[title]=Mrs The user-controlled value was: mrs
URL https://demo.guru99.com/Security/SEC_V1/index.php
Method POST
Parameter btnLogin
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/Security/SEC_V1/index.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: btnLogin=LOGIN The user-controlled value was: login
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter submit
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/delete_customer.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit=Submit The user-controlled value was: submit
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter submit
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/delete_customer.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit=Submit The user-controlled value was: submit
URL https://demo.guru99.com/test/delete_customer.php
Method POST
Parameter submit
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/delete_customer.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit=Submit The user-controlled value was: submit
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter action
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/index.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: action=process The user-controlled value was: process
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter submit
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/index.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit=Submit The user-controlled value was: submit
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter submit
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/index.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit=Submit The user-controlled value was: submit
URL https://demo.guru99.com/test/newtours/index.php
Method POST
Parameter submit
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/index.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit=Submit The user-controlled value was: submit
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter action
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/login.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: action=process The user-controlled value was: process
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter submit
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/login.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit=Submit The user-controlled value was: submit
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter submit
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/login.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit=Submit The user-controlled value was: submit
URL https://demo.guru99.com/test/newtours/login.php
Method POST
Parameter submit
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/login.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit=Submit The user-controlled value was: submit
URL https://demo.guru99.com/test/newtours/register.php
Method POST
Parameter country
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/register.php appears to include user input in: a(n) [option] tag [value] attribute The user input found was: country=ALGERIA The user-controlled value was: algeria
URL https://demo.guru99.com/test/newtours/register.php
Method POST
Parameter mercury
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/register.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: mercury=process The user-controlled value was: process
URL https://demo.guru99.com/V1/index.php
Method POST
Parameter btnLogin
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/V1/index.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: btnLogin=LOGIN The user-controlled value was: login
Instances 64
Solution
Validate all input and sanitize output before writing it to any HTML attributes.
Reference https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
CWE Id 20
WASC Id 20
Plugin Id 10031
Informational
User Controllable JavaScript Event (XSS)
Description
This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_quoted/DOUBLE_QUOTED_ATTRIBUTE?q=a
Method GET
Parameter q
Attack
Evidence
Other Info User-controlled javascript event(s) was found. Exploitability will need to be manually determined. The page at the following URL: https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_quoted/DOUBLE_QUOTED_ATTRIBUTE?q=a includes the following Javascript event which may be attacker-controllable: User-input was found in the following data of an [onclick] event: a The user input was: a
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_singlequoted/SINGLE_QUOTED_ATTRIBUTE?q=a
Method GET
Parameter q
Attack
Evidence
Other Info User-controlled javascript event(s) was found. Exploitability will need to be manually determined. The page at the following URL: https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_singlequoted/SINGLE_QUOTED_ATTRIBUTE?q=a includes the following Javascript event which may be attacker-controllable: User-input was found in the following data of an [onclick] event: a The user input was: a
URL https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_unquoted/UNQUOTED_ATTRIBUTE?q=a
Method GET
Parameter q
Attack
Evidence
Other Info User-controlled javascript event(s) was found. Exploitability will need to be manually determined. The page at the following URL: https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_unquoted/UNQUOTED_ATTRIBUTE?q=a includes the following Javascript event which may be attacker-controllable: User-input was found in the following data of an [onclick] event: a The user input was: a
Instances 3
Solution
Validate all input and sanitize output before writing it to any JavaScript on* events.
Reference https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
CWE Id 20
WASC Id 20
Plugin Id 10043